Windows
Analysis Report
1736928426c18fddec09a2865189863f874127ef0886c6a264008603d3a139c5bad971edfc789.dat-decoded.exe
Overview
General Information
Sample name: | 1736928426c18fddec09a2865189863f874127ef0886c6a264008603d3a139c5bad971edfc789.dat-decoded.exe |
Analysis ID: | 1591660 |
MD5: | a0453ab39ff4d213a85b94f1ad4478ac |
SHA1: | 8a8f01321a77ac06693bded5cd39b3ca3197cf96 |
SHA256: | b065d78d5be477fa31886590dca6e95daec84296a2b5d9bd4d293fbc1cbf5cfc |
Tags: | base64-decoded, exe, user-abuse_ch |
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- 1736928426c18fddec09a2865189863f874127ef0886c6a264008603d3a139c5bad971edfc789.dat-decoded.exe (PID: 7404 cmdline: "C:\Users\user\Desktop\1736928426c18fddec09a2865189863f874127ef0886c6a264008603d3a139c5bad971edfc789.dat-decoded.exe" MD5: A0453AB39FF4D213A85B94F1AD4478AC)
- 1736928426c18fddec09a2865189863f874127ef0886c6a264008603d3a139c5bad971edfc789.dat-decoded.exe (PID: 7612 cmdline: C:\Users\user\Desktop\1736928426c18fddec09a2865189863f874127ef0886c6a264008603d3a139c5bad971edfc789.dat-decoded.exe /stext "C:\Users\user\AppData\Local\Temp\qxczkdlwbpxfphwlhdzbevcnbfmmhv" MD5: A0453AB39FF4D213A85B94F1AD4478AC)
- 1736928426c18fddec09a2865189863f874127ef0886c6a264008603d3a139c5bad971edfc789.dat-decoded.exe (PID: 7620 cmdline: C:\Users\user\Desktop\1736928426c18fddec09a2865189863f874127ef0886c6a264008603d3a139c5bad971edfc789.dat-decoded.exe /stext "C:\Users\user\AppData\Local\Temp\brikkvwyoxpsrokpqoucoiwwktwnigvpl" MD5: A0453AB39FF4D213A85B94F1AD4478AC)
- 1736928426c18fddec09a2865189863f874127ef0886c6a264008603d3a139c5bad971edfc789.dat-decoded.exe (PID: 7636 cmdline: C:\Users\user\Desktop\1736928426c18fddec09a2865189863f874127ef0886c6a264008603d3a139c5bad971edfc789.dat-decoded.exe /stext "C:\Users\user\AppData\Local\Temp\dtvcl" MD5: A0453AB39FF4D213A85B94F1AD4478AC)
- wscript.exe (PID: 7748 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\sxcxjfxyasvispvpbyusdoknnytawtn.vbs" MD5: FF00E0480075B095948000BDC66E81F0)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Remcos, RemcosRAT | Remcos (acronym of Remote Control & Surveillance Software) is a commercial Remote Access Tool to remotely control computers. Remcos is advertised as legitimate software which can be used for surveillance and penetration testing purposes, but has been used in numerous hacking campaigns. Remcos, once installed, opens a backdoor on the computer, granting full access to the remote user. Remcos is developed by the cybersecurity company BreakingSecurity. |
{"Host:Port:Password": ["treeofwealth.freemyip.com:3980:0", "treeofwealth.freemyip.com:3981:1", "treeofwealthyz.freemyip.com:3980:0"], "Assigned name": "Billionairewealth", "Connect interval": "1", "Install flag": "Disable", "Setup HKCU\\Run": "Enable", "Setup HKLM\\Run": "Enable", "Install path": "Application path", "Copy file": "remcos.exe", "Startup value": "Disable", "Hide file": "Disable", "Mutex": "Rmc-A5VKNH", "Keylog flag": "1", "Keylog path": "Application path", "Keylog file": "logs.dat", "Keylog crypt": "Disable", "Hide keylog file": "Disable", "Screenshot flag": "Disable", "Screenshot time": "1", "Take Screenshot option": "Disable", "Take screenshot title": "", "Take screenshot time": "5", "Screenshot path": "AppData", "Screenshot file": "Screenshots", "Screenshot crypt": "Disable", "Mouse option": "Disable", "Delete file": "Disable", "Audio record time": "5", "Audio folder": "MicRecords", "Connect delay": "0", "Copy folder": "Remcos", "Keylog folder": "remcos"}
Rule | Description | Author |
---|---|---|
JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |
JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security |
JoeSecurity_UACBypassusingCMSTP | Yara detected UAC Bypass using CMSTP | Joe Security |
Windows_Trojan_Remcos_b296e965 | unknown | unknown |
REMCOS_RAT_variants | unknown | unknown |
Rule | Description | Author |
---|---|---|
JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security |
Rule | Description | Author |
---|---|---|
JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |
JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security |
JoeSecurity_UACBypassusingCMSTP | Yara detected UAC Bypass using CMSTP | Joe Security |
Windows_Trojan_Remcos_b296e965 | unknown | unknown |
JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security |
Rule | Description | Author |
---|---|---|
JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |
JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security |
JoeSecurity_UACBypassusingCMSTP | Yara detected UAC Bypass using CMSTP | Joe Security |
Windows_Trojan_Remcos_b296e965 | unknown | unknown |
REMCOS_RAT_variants | unknown | unknown |
System Summary |
---|
Source: | Author: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): |
Source: | Author: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton: |
Source: | Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: |
Source: | Author: Michael Haag: |
Stealing of Sensitive Information |
---|
Source: | Author: Joe Security: |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-01-15T09:09:24.977824+0100 | 2032776 | 1 | Malware Command and Control Activity Detected | 192.168.2.11 | 49707 | 172.111.137.101 | 3980 | TCP |
2025-01-15T09:09:25.671718+0100 | 2032777 | 1 | Malware Command and Control Activity Detected | 172.111.137.101 | 3980 | 192.168.2.11 | 49707 | TCP |
2025-01-15T09:09:27.652856+0100 | 2803304 | 3 | Unknown Traffic | 192.168.2.11 | 49709 | 178.237.33.50 | 80 | TCP |
AV Detection |
---|
Exploits |
---|
Privilege Escalation |
---|
Networking |
---|
Key, Mouse, Clipboard, Microphone and Screen Capturing |
---|
E-Banking Fraud |
---|
Spam, unwanted Advertisements and Ransom Demands |
---|
System Summary |
---|
Data Obfuscation |
---|
Hooking and other Techniques for Hiding and Protection |
---|
Malware Analysis System Evasion |
---|
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Code function: | 0_2_0041742B |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Code function: | 0_2_0041100E |
Source: | Code function: | 0_2_0041894A |
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Code function: | 0_2_00434015 |
Source: | Code function: | 0_2_0040E751 | |
Source: | Code function: | 0_2_0045107A | |
Source: | Code function: | 0_2_004512CA | |
Source: | Code function: | 0_2_004472BE | |
Source: | Code function: | 0_2_004513F3 | |
Source: | Code function: | 0_2_004514FA | |
Source: | Code function: | 0_2_004515C7 | |
Source: | Code function: | 0_2_004477A7 | |
Source: | Code function: | 0_2_00450C8F | |
Source: | Code function: | 0_2_00450F52 | |
Source: | Code function: | 0_2_00450F07 | |
Source: | Code function: | 0_2_00450FED |
Source: | Queries volume information: | Jump to behavior |
Source: | Code function: | 0_2_00404915 |
Source: | Code function: | 0_2_0041A9AD |
Source: | Code function: | 0_2_0044804A |
Source: | Code function: | 3_2_0041739B |
Source: | Key value queried: | Jump to behavior |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | Code function: | 0_2_0040B21B |
Source: | Code function: | 0_2_0040B335 | |
Source: | Code function: | 0_2_0040B335 |
Source: | File opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Code function: | 4_2_004033F0 | |
Source: | Code function: | 4_2_00402DB3 | |
Source: | Code function: | 4_2_00402DB3 |
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality |
---|
Source: | Mutex created: | Jump to behavior |
Source: | File source: | ||
Source: | Code function: | 0_2_00405042 |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | 11 Scripting | Valid Accounts | 21 Native API | 11 Scripting | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | 2 OS Credential Dumping | 2 System Time Discovery | Remote Services | 11 Archive Collected Data | 12 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
Credentials | Domains | Default Accounts | 13 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 Bypass User Account Control | 2 Obfuscated Files or Information | 211 Input Capture | 1 Account Discovery | Remote Desktop Protocol | 1 Data from Local System | 2 Encrypted Channel | Exfiltration Over Bluetooth | 1 Defacement |
Email Addresses | DNS Server | Domain Accounts | 2 Service Execution | 1 Windows Service | 1 Access Token Manipulation | 1 Software Packing | 2 Credentials in Registry | 1 System Service Discovery | SMB/Windows Admin Shares | 1 Email Collection | 1 Remote Access Software | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 Windows Service | 1 DLL Side-Loading | 3 Credentials In Files | 3 File and Directory Discovery | Distributed Component Object Model | 211 Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 222 Process Injection | 1 Bypass User Account Control | LSA Secrets | 38 System Information Discovery | SSH | 3 Clipboard Data | 12 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 File Deletion | Cached Domain Credentials | 31 Security Software Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Masquerading | DCSync | 4 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Access Token Manipulation | Proc Filesystem | 1 System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 222 Process Injection | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
70% | Virustotal | Browse | ||
100% | Avira | BDS/Backdoor.Gen | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
treeofwealth.freemyip.com | 172.111.137.101 | true | true | unknown | |
geoplugin.net | 178.237.33.50 | true | false | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
172.111.137.101 | treeofwealth.freemyip.com | United States | 36351 | SOFTLAYERUS | true | |
178.237.33.50 | geoplugin.net | Netherlands | 8455 | ATOM86-ASATOM86NL | false |
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1591660 |
Start date and time: | 2025-01-15 09:08:29 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 30s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 10 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | 1736928426c18fddec09a2865189863f874127ef0886c6a264008603d3a139c5bad971edfc789.dat-decoded.exe |
Detection: | MAL |
Classification: | mal100.rans.phis.troj.spyw.expl.evad.winEXE@9/5@2/2 |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, conhost.exe
- Excluded IPs from analysis (whitelisted): 13.107.246.45, 4.245.163.56
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing disassembly code.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
178.237.33.50 | | | malicious | Remcos, GuLoader | | |
178.237.33.50 | | | malicious | Remcos, GuLoader | | |
178.237.33.50 | | | malicious | Remcos, PureLog Stealer | | |
178.237.33.50 | | | malicious | Cobalt Strike, Remcos | | |
178.237.33.50 | | | malicious | Remcos | | |
178.237.33.50 | | | malicious | Remcos | | |
178.237.33.50 | | | malicious | Remcos | | |
178.237.33.50 | | | malicious | Remcos | | |
178.237.33.50 | | | malicious | Remcos | | |
178.237.33.50 | | | malicious | Remcos | | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
geoplugin.net | | | malicious | Remcos, GuLoader | | |
geoplugin.net | | | malicious | Remcos, GuLoader | | |
geoplugin.net | | | malicious | Remcos, PureLog Stealer | | |
geoplugin.net | | | malicious | Cobalt Strike, Remcos | | |
geoplugin.net | | | malicious | Remcos | | |
geoplugin.net | | | malicious | Remcos | | |
geoplugin.net | | | malicious | Remcos | | |
geoplugin.net | | | malicious | Remcos | | |
geoplugin.net | | | malicious | Remcos | | |
geoplugin.net | | | malicious | Remcos | | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
SOFTLAYERUS | | | malicious | Mirai | | |
SOFTLAYERUS | | | malicious | Wannacry | | |
SOFTLAYERUS | | | malicious | Wannacry | | |
SOFTLAYERUS | | | malicious | Unknown | | |
SOFTLAYERUS | | | malicious | Unknown | | |
SOFTLAYERUS | | | malicious | Remcos, GuLoader | | |
SOFTLAYERUS | | | malicious | Unknown | | |
SOFTLAYERUS | | | malicious | Remcos, GuLoader | | |
SOFTLAYERUS | | | malicious | Unknown | | |
SOFTLAYERUS | | | malicious | Unknown | | |
ATOM86-ASATOM86NL | | | malicious | Remcos, GuLoader | | |
ATOM86-ASATOM86NL | | | malicious | Remcos, GuLoader | | |
ATOM86-ASATOM86NL | | | malicious | Remcos, PureLog Stealer | | |
ATOM86-ASATOM86NL | | | malicious | Cobalt Strike, Remcos | | |
ATOM86-ASATOM86NL | | | malicious | Remcos | | |
ATOM86-ASATOM86NL | | | malicious | Remcos | | |
ATOM86-ASATOM86NL | | | malicious | Remcos | | |
ATOM86-ASATOM86NL | | | malicious | Remcos | | |
ATOM86-ASATOM86NL | | | malicious | Remcos | | |
ATOM86-ASATOM86NL | | | malicious | Remcos | | |
Process: | C:\Users\user\Desktop\1736928426c18fddec09a2865189863f874127ef0886c6a264008603d3a139c5bad971edfc789.dat-decoded.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 144 |
Entropy (8bit): | 3.379519383183141 |
Encrypted: | false |
SSDEEP: | 3:rglsLlFHl5NU5JWRal2Jl+7R0DAlBG45klovDl6v:MlsLlVlQ5YcIeeDAlOWAv |
MD5: | 0144D3B09CCE12D3968307C5E342354E |
SHA1: | A51F19E61D02B3196ADAA51B916345D188D0F959 |
SHA-256: | 5D39F8AD7EB834F473A770F0E7552B2BC3EFE4E5E5FF735A846A1123082C95C3 |
SHA-512: | 1D1B7A27CDA2B33E65CD8B703E91DBC6E139D90314CC62185540DC6F8448DB6715B877A7C6914E2A4E1834B74CC4DD16718164CA54CB031150558C7369C32144 |
Malicious: | true |
Yara Hits: |
|
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\1736928426c18fddec09a2865189863f874127ef0886c6a264008603d3a139c5bad971edfc789.dat-decoded.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 963 |
Entropy (8bit): | 5.018722888793802 |
Encrypted: | false |
SSDEEP: | 12:tkluWJmnd6CsGkMyGWKyGXPVGArwY307f7aZHI7GZArpv/mOAaNO+ao9W7iN5zz2:qlupdRNuKyGX85jvXhNlT3/7XcV7Wro |
MD5: | 267F9EC6CC4E12E1C5709DF015F4696F |
SHA1: | D9A4A1DB44DB5776CA5821E37206665999BFC558 |
SHA-256: | 8DB7063EB28EBF372CB46CDE7B85DCC719076BDD3A2DCA3CCF7E3881355AED3A |
SHA-512: | 0907B58486F974BCD909ECA874F0A93E33DB534DEAA32EA3F332752C3D8CF284901187D642B22FE6718A8D98087D39BEE91317989AA62B3D1B0EA20D0CC8630A |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\1736928426c18fddec09a2865189863f874127ef0886c6a264008603d3a139c5bad971edfc789.dat-decoded.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16252928 |
Entropy (8bit): | 0.9010264538376098 |
Encrypted: | false |
SSDEEP: | 12288:8gCLxtI8m4ZXwSlyIZJK4KNKYKTKSSIQ:sLxjbVivK |
MD5: | 2F2636AE7B7B9DAEF509A509209BCCD2 |
SHA1: | 3ABF563735B8F93851E84117EC3A68CA5AFDCBAD |
SHA-256: | DAA8BF51982FEE1A0D174AE195276F3FE66A76BDE4E2538E965BC87C6D9CBCAA |
SHA-512: | 4108AD9FAE1B9256CB5F79E9295DABDE73E19DA312F219D8010B6C0C6E672534147E0AAC78C6301F13AE5830417114ED53FE801721599DBFBC5E16C3D2348BEF |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\1736928426c18fddec09a2865189863f874127ef0886c6a264008603d3a139c5bad971edfc789.dat-decoded.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2 |
Entropy (8bit): | 1.0 |
Encrypted: | false |
SSDEEP: | 3:Qn:Qn |
MD5: | F3B25701FE362EC84616A93A45CE9998 |
SHA1: | D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB |
SHA-256: | B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209 |
SHA-512: | 98C5F56F3DE340690C139E58EB7DAC111979F0D4DFFE9C4B24FF849510F4B6FFA9FD608C0A3DE9AC3C9FD2190F0EFAF715309061490F9755A9BFDF1C54CA0D84 |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\1736928426c18fddec09a2865189863f874127ef0886c6a264008603d3a139c5bad971edfc789.dat-decoded.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 784 |
Entropy (8bit): | 3.595341625601307 |
Encrypted: | false |
SSDEEP: | 12:xQ4lA2++ugypjBQMPURKA4WpDPTL27G4Q3DlA4WpDPTL27G49Hz/0aimi:7a2+SDYWtPTL2HQTHWtPTL2H9Aait |
MD5: | 7E00EC7F492BB5F4FE161E07A9225834 |
SHA1: | BA5905D7F1B376F5604E9225DE3754E5C22603E5 |
SHA-256: | 22DDEAA0864A55389FDB9667277432CB35D46483D003030A84DFB06CE5D8B9C8 |
SHA-512: | 6408492EBE238C7827F402D4649052632A4968A2806E238F45F04F2A552DCD65F5E6CF28CF70E09300EAF9C42AA802AA47764015CCB441AC829B1F38EB79C076 |
Malicious: | true |
Preview: |
File type: | |
Entropy (8bit): | 6.589583555838135 |
TrID: |
|
File name: | 1736928426c18fddec09a2865189863f874127ef0886c6a264008603d3a139c5bad971edfc789.dat-decoded.exe |
File size: | 493'568 bytes |
MD5: | a0453ab39ff4d213a85b94f1ad4478ac |
SHA1: | 8a8f01321a77ac06693bded5cd39b3ca3197cf96 |
SHA256: | b065d78d5be477fa31886590dca6e95daec84296a2b5d9bd4d293fbc1cbf5cfc |
SHA512: | 51c1e03d1a7892d3b8943c42d6ee2a57cf077b041041f31278da272ebaeef575d689446cfddb53c1a71cd7fcffa4f96ed34e65032e184fbbe45ef0cad85f47d6 |
SSDEEP: | 12288:513ak/mBXTG4/1v08KI7ZnMEF76JqmsvZQMS:rak/mBXTV/R0nEF76gFZn |
TLSH: | B9A4BF01BAD2C072D57654300C3AE775DEBDBD212839897BB3D61D97FD30190A63AAB2 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........)...H...H...H....(..H....*..H....+..H...0]..H..&....H... ...H... ...H... ...H...0J..H...H...I...!...H...!&..H...!...H..Rich.H. |
Icon Hash: | 95694d05214c1b33 |
Entrypoint: | 0x433d45 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | TERMINAL_SERVER_AWARE |
Time Stamp: | 0x677C5D61 [Mon Jan 6 22:46:57 2025 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 1 |
File Version Major: | 5 |
File Version Minor: | 1 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 1 |
Import Hash: | e77512f955eaf60ccff45e02d69234de |
Instruction |
---|
call 00007FC90D4807E8h |
jmp 00007FC90D48013Fh |
push ebp |
mov ebp, esp |
sub esp, 00000324h |
push ebx |
push 00000017h |
call 00007FC90D4A261Eh |
test eax, eax |
je 00007FC90D4802C7h |
mov ecx, dword ptr [ebp+08h] |
int 29h |
push 00000003h |
call 00007FC90D480484h |
mov dword ptr [esp], 000002CCh |
lea eax, dword ptr [ebp-00000324h] |
push 00000000h |
push eax |
call 00007FC90D4827A0h |
add esp, 0Ch |
mov dword ptr [ebp-00000274h], eax |
mov dword ptr [ebp-00000278h], ecx |
mov dword ptr [ebp-0000027Ch], edx |
mov dword ptr [ebp-00000280h], ebx |
mov dword ptr [ebp-00000284h], esi |
mov dword ptr [ebp-00000288h], edi |
mov word ptr [ebp-0000025Ch], ss |
mov word ptr [ebp-00000268h], cs |
mov word ptr [ebp-0000028Ch], ds |
mov word ptr [ebp-00000290h], es |
mov word ptr [ebp-00000294h], fs |
mov word ptr [ebp-00000298h], gs |
pushfd |
pop dword ptr [ebp-00000264h] |
mov eax, dword ptr [ebp+04h] |
mov dword ptr [ebp-0000026Ch], eax |
lea eax, dword ptr [ebp+04h] |
mov dword ptr [ebp-00000260h], eax |
mov dword ptr [ebp-00000324h], 00010001h |
mov eax, dword ptr [eax-04h] |
push 00000050h |
mov dword ptr [ebp-00000270h], eax |
lea eax, dword ptr [ebp-58h] |
push 00000000h |
push eax |
call 00007FC90D482716h |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x6f030 | 0x104 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x77000 | 0x4b60 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x7c000 | 0x3b9c | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x6d520 | 0x38 | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x6d5f8 | 0x18 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x6d558 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x58000 | 0x4f4 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x5612d | 0x56200 | 5c74fad187ce0ec180ec04ec1b2886cc | False | 0.5738587400217707 | data | 6.626093338563234 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x58000 | 0x18b10 | 0x18c00 | 6a99ef6306230cc107eebd633ea523fe | False | 0.49747474747474746 | data | 5.749671721823548 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x71000 | 0x5d94 | 0xe00 | f36050cd29c9ed45c5f5146a79631724 | False | 0.22712053571428573 | data | 3.113812036269812 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x77000 | 0x4b60 | 0x4c00 | db49ff166a096cfb609c55526262b4f7 | False | 0.2847964638157895 | data | 3.990297001306316 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x7c000 | 0x3b9c | 0x3c00 | 1ed637208bbcc0435870762eae94c19a | False | 0.759375 | data | 6.709901047445024 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0x7718c | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.3421985815602837 |
RT_ICON | 0x775f4 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States | 0.27704918032786885 |
RT_ICON | 0x77f7c | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.23686679174484052 |
RT_ICON | 0x79024 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.22977178423236513 |
RT_RCDATA | 0x7b5cc | 0x551 | data | 1.0080822924320352 | ||
RT_GROUP_ICON | 0x7bb20 | 0x3e | data | English | United States | 0.8064516129032258 |
DLL | Import |
---|---|
KERNEL32.dll | ExpandEnvironmentStringsA, GetLongPathNameW, CopyFileW, GetLocaleInfoA, CreateToolhelp32Snapshot, Process32NextW, Process32FirstW, VirtualProtect, SetLastError, VirtualFree, VirtualAlloc, LoadLibraryA, GetNativeSystemInfo, HeapAlloc, GetProcessHeap, FreeLibrary, IsBadReadPtr, GetTempPathW, OpenProcess, OpenMutexA, lstrcatW, GetCurrentProcessId, GetTempFileNameW, GetSystemDirectoryA, GlobalAlloc, GlobalLock, GetTickCount, GlobalUnlock, WriteProcessMemory, ResumeThread, GetThreadContext, ReadProcessMemory, CreateProcessW, SetThreadContext, LocalAlloc, GlobalFree, MulDiv, SizeofResource, QueryDosDeviceW, FindFirstVolumeW, GetConsoleScreenBufferInfo, SetConsoleTextAttribute, lstrlenW, GetStdHandle, SetFilePointer, FindResourceA, LockResource, LoadResource, LocalFree, FindVolumeClose, GetVolumePathNamesForVolumeNameW, lstrcpyW, SetConsoleOutputCP, FormatMessageA, FindFirstFileA, AllocConsole, lstrcmpW, GetModuleFileNameA, lstrcpynA, QueryPerformanceFrequency, QueryPerformanceCounter, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSection, DeleteCriticalSection, HeapSize, WriteConsoleW, SetStdHandle, SetEnvironmentVariableW, SetEnvironmentVariableA, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, GetCommandLineA, GetOEMCP, IsValidCodePage, FindFirstFileExA, HeapReAlloc, ReadConsoleW, GetConsoleMode, GetConsoleCP, FlushFileBuffers, GetFileType, GetTimeZoneInformation, EnumSystemLocalesW, GetUserDefaultLCID, IsValidLocale, GetTimeFormatW, GetDateFormatW, GetACP, GetModuleHandleExW, MoveFileExW, LoadLibraryExW, RaiseException, RtlUnwind, GetCPInfo, GetStringTypeW, GetLocaleInfoW, LCMapStringW, CompareStringW, MultiByteToWideChar, DecodePointer, EncodePointer, TlsFree, TlsSetValue, GetFileSize, TerminateThread, GetLastError, GetModuleHandleA, RemoveDirectoryW, MoveFileW, SetFilePointerEx, CreateDirectoryW, GetLogicalDriveStringsA, DeleteFileW, FindNextFileA, DeleteFileA, SetFileAttributesW, GetFileAttributesW, FindClose, lstrlenA, GetDriveTypeA, FindNextFileW, GetFileSizeEx, FindFirstFileW, GetModuleHandleW, ExitProcess, GetProcAddress, CreateMutexA, GetCurrentProcess, CreateProcessA, PeekNamedPipe, CreatePipe, TerminateProcess, ReadFile, HeapFree, HeapCreate, CreateEventA, GetLocalTime, CreateThread, SetEvent, CreateEventW, WaitForSingleObject, Sleep, GetModuleFileNameW, CloseHandle, ExitThread, CreateFileW, WriteFile, FindNextVolumeW, TlsGetValue, TlsAlloc, SwitchToThread, WideCharToMultiByte, InitializeSListHead, GetSystemTimeAsFileTime, GetCurrentThreadId, IsProcessorFeaturePresent, GetStartupInfoW, SetUnhandledExceptionFilter, UnhandledExceptionFilter, IsDebuggerPresent, WaitForSingleObjectEx, ResetEvent, InitializeCriticalSectionAndSpinCount, SetEndOfFile |
USER32.dll | DefWindowProcA, TranslateMessage, DispatchMessageA, GetMessageA, GetWindowTextW, wsprintfW, GetClipboardData, UnhookWindowsHookEx, GetForegroundWindow, ToUnicodeEx, GetKeyboardLayout, SetWindowsHookExA, CloseClipboard, OpenClipboard, GetKeyboardState, CallNextHookEx, GetKeyboardLayoutNameA, GetKeyState, GetWindowTextLengthW, GetWindowThreadProcessId, SetForegroundWindow, SetClipboardData, EnumWindows, ExitWindowsEx, EmptyClipboard, ShowWindow, SetWindowTextW, MessageBoxW, IsWindowVisible, CreateWindowExA, SendInput, EnumDisplaySettingsW, mouse_event, MapVirtualKeyA, TrackPopupMenu, CreatePopupMenu, AppendMenuA, RegisterClassExA, GetCursorPos, SystemParametersInfoW, GetIconInfo, GetSystemMetrics, CloseWindow, DrawIcon |
GDI32.dll | BitBlt, CreateCompatibleBitmap, CreateCompatibleDC, StretchBlt, GetDIBits, DeleteDC, DeleteObject, CreateDCA, GetObjectA, SelectObject |
ADVAPI32.dll | LookupPrivilegeValueA, CryptAcquireContextA, CryptGenRandom, CryptReleaseContext, GetUserNameW, RegEnumKeyExA, QueryServiceStatus, CloseServiceHandle, OpenSCManagerW, OpenSCManagerA, ControlService, StartServiceW, QueryServiceConfigW, ChangeServiceConfigW, OpenServiceW, EnumServicesStatusW, AdjustTokenPrivileges, RegDeleteKeyA, OpenProcessToken, RegCreateKeyA, RegCloseKey, RegQueryInfoKeyW, RegQueryValueExA, RegCreateKeyExW, RegEnumKeyExW, RegSetValueExW, RegSetValueExA, RegOpenKeyExA, RegOpenKeyExW, RegCreateKeyW, RegDeleteValueW, RegEnumValueW, RegQueryValueExW |
SHELL32.dll | ShellExecuteExA, Shell_NotifyIconA, ExtractIconA, ShellExecuteW |
ole32.dll | CoInitializeEx, CoGetObject, CoUninitialize |
SHLWAPI.dll | StrToIntA, PathFileExistsW, PathFileExistsA |
WINMM.dll | mciSendStringA, mciSendStringW, waveInClose, waveInStop, waveInStart, waveInUnprepareHeader, waveInOpen, waveInAddBuffer, waveInPrepareHeader, PlaySoundW |
WS2_32.dll | send, WSAStartup, socket, connect, WSAGetLastError, recv, closesocket, inet_ntoa, htons, htonl, getservbyname, ntohs, getservbyport, gethostbyaddr, inet_addr, WSASetLastError, gethostbyname |
urlmon.dll | URLOpenBlockingStreamW, URLDownloadToFileW |
gdiplus.dll | GdipAlloc, GdiplusStartup, GdipGetImageEncoders, GdipLoadImageFromStream, GdipSaveImageToStream, GdipGetImageEncodersSize, GdipFree, GdipDisposeImage, GdipCloneImage |
WININET.dll | InternetOpenUrlW, InternetOpenW, InternetCloseHandle, InternetReadFile |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-01-15T09:09:24.977824+0100 | 2032776 | ET MALWARE Remcos 3.x Unencrypted Checkin | 1 | 192.168.2.11 | 49707 | 172.111.137.101 | 3980 | TCP |
2025-01-15T09:09:25.671718+0100 | 2032777 | ET MALWARE Remcos 3.x Unencrypted Server Response | 1 | 172.111.137.101 | 3980 | 192.168.2.11 | 49707 | TCP |
2025-01-15T09:09:27.652856+0100 | 2803304 | ETPRO MALWARE Common Downloader Header Pattern HCa | 3 | 192.168.2.11 | 49709 | 178.237.33.50 | 80 | TCP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 15, 2025 09:09:26.675966978 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.675998926 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:26.675998926 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:26.675998926 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:26.676734924 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.676781893 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.676794052 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.676806927 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.676855087 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:26.676855087 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:26.679282904 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.718713045 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:26.790982008 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.790997028 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.791086912 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:26.843873024 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.843888998 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.843899965 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.843996048 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:26.844007969 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.844048023 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.844069004 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:26.844167948 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.844181061 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.844192982 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.844204903 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.844284058 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:26.844284058 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:26.844683886 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.844723940 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.844742060 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:26.844827890 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.844839096 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.844851017 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.844893932 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:26.844971895 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:26.845055103 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.845098972 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.845104933 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.845146894 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:26.845519066 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.845531940 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.845544100 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.845555067 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.845567942 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.845568895 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:26.845578909 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.845592022 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.845611095 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.845643044 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:26.845643044 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:26.845643044 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:26.846388102 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.846399069 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.846410990 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.846424103 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.846435070 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.846446037 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.846458912 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.846471071 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.846492052 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:26.846492052 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:26.846518040 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:26.847279072 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.847337008 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:26.847368956 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.847390890 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.847399950 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.847405910 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.847410917 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.847413063 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.847418070 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.847444057 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:26.847493887 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:26.848217010 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.848268032 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.848283052 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.848287106 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:26.848293066 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.848407984 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:26.890585899 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:26.966242075 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.966263056 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.966276884 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.966321945 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.966344118 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.966345072 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:26.966370106 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.966389894 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.966401100 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.966439009 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:26.966439009 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:26.966439009 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:26.966548920 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.966590881 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.966609001 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.966622114 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.966634035 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.966640949 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:26.966902971 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.966922045 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.966927052 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:26.966933966 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.966944933 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.966957092 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.967000008 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:26.967000008 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:26.967000008 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:26.967197895 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.967238903 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.967294931 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:26.967298031 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.967308998 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.967335939 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.967348099 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.967353106 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:26.967360020 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.967372894 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.967392921 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:26.967657089 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:26.967828035 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.967840910 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.967853069 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.967864990 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.967878103 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.967900991 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:26.967900991 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:26.967930079 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.967948914 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.967959881 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.967962980 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:26.967968941 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.967977047 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.967978001 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.968565941 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.968576908 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.968580961 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:26.968580961 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:26.968591928 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.968611956 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.968625069 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.968636036 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.968648911 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.968652010 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:26.968652010 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:26.968691111 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:26.969218969 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.969229937 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.969240904 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.969265938 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.969279051 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.969290018 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.969301939 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.969312906 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.969317913 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:26.969317913 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:26.969326019 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.969336987 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.969347954 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.969358921 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.969372034 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.969383001 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:26.969383001 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:26.969383001 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:26.969398975 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:26.970011950 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.970021009 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.970024109 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.970031977 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.970040083 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.970051050 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.970067024 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.970084906 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:26.970113039 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:26.970113039 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:26.970144987 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.970156908 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.970170021 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.970180988 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.970192909 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.970205069 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.970208883 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:26.970231056 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:26.970284939 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:26.970880985 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.970897913 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.970910072 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.970922947 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.970936060 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:26.971061945 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:26.971061945 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:27.015609026 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:27.036984921 CET | 49709 | 80 | 192.168.2.11 | 178.237.33.50 |
Jan 15, 2025 09:09:27.041892052 CET | 80 | 49709 | 178.237.33.50 | 192.168.2.11 |
Jan 15, 2025 09:09:27.042078972 CET | 49709 | 80 | 192.168.2.11 | 178.237.33.50 |
Jan 15, 2025 09:09:27.042226076 CET | 49709 | 80 | 192.168.2.11 | 178.237.33.50 |
Jan 15, 2025 09:09:27.047087908 CET | 80 | 49709 | 178.237.33.50 | 192.168.2.11 |
Jan 15, 2025 09:09:27.056401968 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.056420088 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.056431055 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.056443930 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.056454897 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.056467056 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.056503057 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:27.056566000 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:27.089617968 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.089639902 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.089653969 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.089705944 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.089716911 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.089729071 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.089742899 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.089809895 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.089822054 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.089855909 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:27.089855909 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:27.089855909 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:27.089855909 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:27.089894056 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.089911938 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.089924097 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.089935064 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.089952946 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.090015888 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:27.090015888 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:27.090015888 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:27.090099096 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.090111971 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.090125084 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.090164900 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.090177059 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.090183020 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.090202093 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:27.090203047 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.090214014 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.090224981 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.090235949 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:27.090239048 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.090321064 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:27.090322018 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:27.090622902 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.090641022 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.090652943 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.090666056 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.090677977 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.090689898 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.090701103 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.090713024 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.090724945 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.090732098 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:27.090732098 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:27.090732098 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:27.090737104 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.090889931 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:27.090889931 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:27.090925932 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.091012001 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.091023922 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.091036081 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.091053009 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.091207981 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:27.091207981 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:27.091298103 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.091346025 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.091356039 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:27.091357946 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.091371059 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.091393948 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.091428041 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:27.091447115 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.091459990 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.091485977 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.091499090 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.091509104 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.091588974 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:27.091588974 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:27.091588974 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:27.091612101 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.091625929 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.091667891 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:27.091727972 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.091739893 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.091752052 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.091923952 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:27.091923952 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:27.094819069 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.094830990 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.094841957 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.094964027 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.094984055 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.094995975 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.095006943 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.095019102 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.095025063 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:27.095025063 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:27.095029116 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.095052004 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:27.095053911 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.095066071 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.095071077 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:27.095072985 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.095077991 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.095088959 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.095093966 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.095112085 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.095233917 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:27.095235109 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:27.095447063 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.095463991 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.095475912 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.095494032 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.095496893 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:27.095505953 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.095516920 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.095530987 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.095541000 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:27.095546007 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.095560074 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.095566988 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:27.095566988 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.095601082 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.095613003 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.095623970 CET | 3980 | 49708 | 172.111.137.101 | 192.168.2.11 |
Jan 15, 2025 09:09:27.095889091 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Jan 15, 2025 09:09:27.095889091 CET | 49708 | 3980 | 192.168.2.11 | 172.111.137.101 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 15, 2025 09:09:24.805629015 CET | 56380 | 53 | 192.168.2.11 | 1.1.1.1 |
Jan 15, 2025 09:09:24.966552973 CET | 53 | 56380 | 1.1.1.1 | 192.168.2.11 |
Jan 15, 2025 09:09:27.024949074 CET | 49597 | 53 | 192.168.2.11 | 1.1.1.1 |
Jan 15, 2025 09:09:27.032418966 CET | 53 | 49597 | 1.1.1.1 | 192.168.2.11 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Jan 15, 2025 09:09:24.805629015 CET | 192.168.2.11 | 1.1.1.1 | 0x44e3 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Jan 15, 2025 09:09:27.024949074 CET | 192.168.2.11 | 1.1.1.1 | 0xe27d | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Jan 15, 2025 09:09:24.966552973 CET | 1.1.1.1 | 192.168.2.11 | 0x44e3 | No error (0) | | | 172.111.137.101 | A (IP address) | IN (0x0001) | false |
Jan 15, 2025 09:09:27.032418966 CET | 1.1.1.1 | 192.168.2.11 | 0xe27d | No error (0) | | | 178.237.33.50 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.11 | 49709 | 178.237.33.50 | 80 | 7404 | C:\Users\user\Desktop\1736928426c18fddec09a2865189863f874127ef0886c6a264008603d3a139c5bad971edfc789.dat-decoded.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 15, 2025 09:09:27.042226076 CET | 71 | OUT | |
Jan 15, 2025 09:09:27.652781010 CET | 1171 | IN |
Target ID: | 0 |
Start time: | 03:09:24 |
Start date: | 15/01/2025 |
Path: | C:\Users\user\Desktop\1736928426c18fddec09a2865189863f874127ef0886c6a264008603d3a139c5bad971edfc789.dat-decoded.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 493'568 bytes |
MD5 hash: | A0453AB39FF4D213A85B94F1AD4478AC |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 3 |
Start time: | 03:09:26 |
Start date: | 15/01/2025 |
Path: | C:\Users\user\Desktop\1736928426c18fddec09a2865189863f874127ef0886c6a264008603d3a139c5bad971edfc789.dat-decoded.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 493'568 bytes |
MD5 hash: | A0453AB39FF4D213A85B94F1AD4478AC |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 4 |
Start time: | 03:09:26 |
Start date: | 15/01/2025 |
Path: | C:\Users\user\Desktop\1736928426c18fddec09a2865189863f874127ef0886c6a264008603d3a139c5bad971edfc789.dat-decoded.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 493'568 bytes |
MD5 hash: | A0453AB39FF4D213A85B94F1AD4478AC |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 5 |
Start time: | 03:09:26 |
Start date: | 15/01/2025 |
Path: | C:\Users\user\Desktop\1736928426c18fddec09a2865189863f874127ef0886c6a264008603d3a139c5bad971edfc789.dat-decoded.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 493'568 bytes |
MD5 hash: | A0453AB39FF4D213A85B94F1AD4478AC |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 6 |
Start time: | 03:09:34 |
Start date: | 15/01/2025 |
Path: | C:\Windows\SysWOW64\wscript.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xb0000 |
File size: | 147'456 bytes |
MD5 hash: | FF00E0480075B095948000BDC66E81F0 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Execution Graph
Execution Coverage: | 5.1% |
Dynamic/Decrypted Code Coverage: | 3.8% |
Signature Coverage: | 19.1% |
Total number of Nodes: | 1821 |
Total number of Limit Nodes: | 54 |
Graph
Function 0041BEEE Relevance: 115.6, APIs: 40, Strings: 26, Instructions: 140libraryloaderCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0041742B Relevance: 61.5, APIs: 29, Strings: 6, Instructions: 290nativelibraryloaderCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 004099E4 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 65windowCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040E627 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 88sleepCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00410BF1 Relevance: 7.7, APIs: 5, Instructions: 198memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00404915 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 60timethreadCOMMON
Function 0040455B Relevance: 4.5, APIs: 3, Instructions: 28synchronizationnetworkCOMMON
Function 0041A9AD Relevance: 3.0, APIs: 2, Instructions: 40COMMON
Function 0040E751 Relevance: 1.5, APIs: 1, Instructions: 19COMMON
Function 004140AC Relevance: 53.4, APIs: 5, Strings: 25, Instructions: 855sleepnetworkCOMMON
Function 0040BF04 Relevance: 45.8, APIs: 6, Strings: 20, Instructions: 260registryCOMMON
Function 00411D59 Relevance: 25.0, APIs: 9, Strings: 5, Instructions: 479sleepfileCOMMON
Function 100012EE Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 243stringCOMMON
Function 0040A3F4 Relevance: 22.9, APIs: 6, Strings: 7, Instructions: 158sleepCOMMON
Function 0040428C Relevance: 19.4, APIs: 4, Strings: 7, Instructions: 147networkCOMMON
Function 004047EB Relevance: 18.1, APIs: 12, Instructions: 66synchronizationCOMMON
Function 00409E48 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 163sleepCOMMON
Function 0041A726 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 68networkfileCOMMON
Function 00409D97 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 58sleepfileCOMMON
Function 004127AA Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 37registryCOMMON
Function 1000C803 Relevance: 7.6, APIs: 5, Instructions: 54librarymemoryloaderCOMMON
Function 00404468 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 92synchronizationnetworkCOMMON
Function 004098A5 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 70threadCOMMON
Function 004128AD Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 31registryCOMMON
Function 0040AFBA Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 20threadCOMMON
Function 00404688 Relevance: 6.1, APIs: 4, Instructions: 121synchronizationthreadCOMMON
Function 0041B79A Relevance: 6.1, APIs: 4, Instructions: 64fileCOMMON
Function 0041B825 Relevance: 6.0, APIs: 4, Instructions: 50fileCOMMON
Function 00412A52 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 23registryCOMMON
Function 0040BED7 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 13synchronizationCOMMON
Function 0044BBCE Relevance: 3.0, APIs: 2, Instructions: 44memoryCOMMONLIBRARYCODE
Function 004041F1 Relevance: 3.0, APIs: 2, Instructions: 40networkCOMMON
Function 0041AE5D Relevance: 3.0, APIs: 2, Instructions: 25COMMON
Function 00414072 Relevance: 3.0, APIs: 2, Instructions: 21networkCOMMON
Function 00409517 Relevance: 1.6, APIs: 1, Instructions: 64COMMON
Function 004107AB Relevance: 1.6, APIs: 1, Instructions: 61memoryCOMMON
Function 00446D0F Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE
Function 00404262 Relevance: 1.5, APIs: 1, Instructions: 15networkCOMMON
Function 0040262E Relevance: 1.5, APIs: 1, Instructions: 6COMMON
Function 00410B96 Relevance: 1.3, APIs: 1, Instructions: 6memoryCOMMON
Function 00406F06 Relevance: 48.1, APIs: 10, Strings: 17, Instructions: 849filesleepCOMMON
Function 00405042 Relevance: 47.5, APIs: 15, Strings: 12, Instructions: 280pipesleepfileCOMMON
Function 0041100E Relevance: 35.2, APIs: 7, Strings: 13, Instructions: 238threadCOMMON
Function 0040B335 Relevance: 24.6, APIs: 8, Strings: 6, Instructions: 145fileCOMMON
Function 0040B53A Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 130fileCOMMON
Function 0040E2F1 Relevance: 19.5, APIs: 6, Strings: 5, Instructions: 212processCOMMON
Function 00415B5E Relevance: 18.1, APIs: 12, Instructions: 80clipboardmemoryCOMMON
Function 0041B63A Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 105fileCOMMON
Function 0044804A Relevance: 16.1, APIs: 7, Strings: 2, Instructions: 370timeCOMMONLIBRARYCODE
Function 00409B10 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 108keyboardthreadCOMMON
Function 0041301D Relevance: 10.9, APIs: 4, Strings: 2, Instructions: 391registrylibraryloaderCOMMON
Function 00418E5F Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 245fileCOMMON
Function 004515C7 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 188COMMONLIBRARYCODE
Function 0040B21B Relevance: 10.5, APIs: 2, Strings: 4, Instructions: 48fileCOMMON
Function 00453110 Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1381COMMONLIBRARYCODE
Function 004089A9 Relevance: 9.3, APIs: 6, Instructions: 288fileCOMMON
Function 00419DBA Relevance: 9.0, APIs: 6, Instructions: 39serviceCOMMON
Function 00450C8F Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 236COMMONLIBRARYCODE
Function 00415A51 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 97libraryloadershutdownCOMMON
Function 004513F3 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 86COMMONLIBRARYCODE
Function 00407A8C Relevance: 7.7, APIs: 5, Instructions: 183fileCOMMON
Function 00406128 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 222filenetworkCOMMON
Function 00408DA7 Relevance: 6.2, APIs: 4, Instructions: 206fileCOMMON
Function 0045107A Relevance: 4.7, APIs: 3, Instructions: 205COMMON
Function 0041AECC Relevance: 4.5, APIs: 3, Instructions: 19nativeCOMMON
Function 0041AEF8 Relevance: 4.5, APIs: 3, Instructions: 19nativeCOMMON
Function 004477A7 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 37COMMONLIBRARYCODE
Function 00432C54 Relevance: 1.8, Strings: 1, Instructions: 500COMMON
Function 004512CA Relevance: 1.6, APIs: 1, Instructions: 83COMMON
Function 004514FA Relevance: 1.5, APIs: 1, Instructions: 46COMMON
Function 00433EE2 Relevance: 1.5, APIs: 1, Instructions: 3COMMON
Function 0042707E Relevance: 1.3, Strings: 1, Instructions: 96COMMON
Function 00437360 Relevance: 1.3, Strings: 1, Instructions: 76COMMON
Function 10017194 Relevance: .8, Instructions: 751COMMON
Function 0044C949 Relevance: .6, Instructions: 637COMMON
Function 0041E7EA Relevance: .6, Instructions: 606COMMON
Function 004269D6 Relevance: .4, Instructions: 437COMMON
Function 0042645F Relevance: .4, Instructions: 377COMMON
Function 00431582 Relevance: .4, Instructions: 371COMMON
Function 0041D27C Relevance: .3, Instructions: 276COMMON
Function 00436C9D Relevance: .3, Instructions: 254COMMON
Function 00436F58 Relevance: .2, Instructions: 244COMMON
Function 004369D6 Relevance: .2, Instructions: 240COMMON
Function 0043D04B Relevance: .2, Instructions: 237COMMON
Function 0043D2A8 Relevance: .2, Instructions: 237COMMON
Function 0043672C Relevance: .2, Instructions: 232COMMON
Function 0043CBED Relevance: .2, Instructions: 214COMMON
Function 0043CE1C Relevance: .2, Instructions: 214COMMONLIBRARYCODE
Function 004271B8 Relevance: .2, Instructions: 186COMMON
Function 00418195 Relevance: 52.8, APIs: 29, Strings: 1, Instructions: 324windowmemoryCOMMON
Function 0040C28E Relevance: 47.5, APIs: 6, Strings: 21, Instructions: 282registryCOMMON
Function 0041138D Relevance: 43.9, APIs: 17, Strings: 8, Instructions: 189synchronizationsleepfileCOMMON
Function 0041A3B1 Relevance: 42.2, APIs: 12, Strings: 12, Instructions: 180synchronizationCOMMON
Function 0040BC67 Relevance: 38.7, APIs: 12, Strings: 10, Instructions: 203fileCOMMON
Function 00401BE8 Relevance: 35.2, APIs: 16, Strings: 4, Instructions: 156fileCOMMON
Function 004064E0 Relevance: 35.1, APIs: 12, Strings: 8, Instructions: 62libraryloaderCOMMON
Function 0041B3C6 Relevance: 28.1, APIs: 15, Strings: 1, Instructions: 139stringCOMMON
Function 0044E41E Relevance: 25.9, APIs: 17, Instructions: 419COMMON
Function 0041CCA9 Relevance: 22.8, APIs: 12, Strings: 1, Instructions: 73windowCOMMON
Function 0044514D Relevance: 22.8, APIs: 15, Instructions: 296COMMON
Function 00407DEF Relevance: 21.3, APIs: 8, Strings: 4, Instructions: 325fileCOMMON
Function 00413F0F Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 109libraryloaderCOMMON
Function 0044F5F1 Relevance: 18.4, APIs: 12, Instructions: 376COMMON
Function 00454B92 Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 272COMMONLIBRARYCODE
Function 0041931E Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 174sleeptimeCOMMON
Function 0041700D Relevance: 17.6, APIs: 4, Strings: 6, Instructions: 107filesynchronizationCOMMON
Function 00404E52 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 155windowmemoryCOMMON
Function 00446FDB Relevance: 15.1, APIs: 10, Instructions: 54COMMON
Function 100059D6 Relevance: 15.1, APIs: 10, Instructions: 54COMMON
Function 0041BA2F Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 214registryCOMMON
Function 004167E2 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 103sleepfileCOMMON
Function 0041CB7A Relevance: 14.0, APIs: 7, Strings: 1, Instructions: 47windowstringCOMMON
Function 00452D3A Relevance: 13.8, APIs: 9, Instructions: 268COMMON
Function 10001CCA Relevance: 13.6, APIs: 9, Instructions: 84fileCOMMON
Function 00444609 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 266COMMONLIBRARYCODE
Function 0044821F Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 171timeCOMMONLIBRARYCODE
Function 00412D60 Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 135registryCOMMON
Function 00406BE9 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 97fileCOMMON
Function 0041C0BB Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 47memoryCOMMON
Function 00446369 Relevance: 10.9, APIs: 3, Strings: 3, Instructions: 389COMMONLIBRARYCODE
Function 0044FA16 Relevance: 10.7, APIs: 7, Instructions: 204COMMON
Function 0044418B Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 187COMMONLIBRARYCODE
Function 0044A2D3 Relevance: 10.7, APIs: 7, Instructions: 152fileCOMMONLIBRARYCODE
Function 10009492 Relevance: 10.7, APIs: 7, Instructions: 152fileCOMMON
Function 00401768 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 142threadCOMMON
Function 0040E77B Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 132processCOMMON
Function 0040B2A8 Relevance: 10.5, APIs: 2, Strings: 4, Instructions: 48fileCOMMON
Function 0041A128 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 30sleepCOMMON
Function 0043980C Relevance: 9.3, APIs: 6, Instructions: 284COMMON
Function 10008821 Relevance: 9.2, APIs: 6, Instructions: 216COMMON
Function 00403DE7 Relevance: 9.1, APIs: 1, Strings: 5, Instructions: 135sleepCOMMON
Function 100015DA Relevance: 9.1, APIs: 6, Instructions: 84stringCOMMON
Function 10001000 Relevance: 9.1, APIs: 6, Instructions: 76stringCOMMON
Function 00419FE2 Relevance: 9.1, APIs: 6, Instructions: 66serviceCOMMON
Function 10003856 Relevance: 9.1, APIs: 6, Instructions: 60COMMON
Function 00419E16 Relevance: 9.0, APIs: 6, Instructions: 44serviceCOMMON
Function 00419F7D Relevance: 9.0, APIs: 6, Instructions: 44serviceCOMMON
Function 00419F18 Relevance: 9.0, APIs: 6, Instructions: 44serviceCOMMON
Function 00412A82 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 173registryCOMMON
Function 0041CC2A Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 54registryCOMMON
Function 004069BA Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42processCOMMON
Function 004427E9 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE
Function 10004B39 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE
Function 00404AB1 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 35synchronizationCOMMON
Function 0044E34B Relevance: 7.6, APIs: 5, Instructions: 68COMMON
Function 10007153 Relevance: 7.6, APIs: 5, Instructions: 68COMMON
Function 0041B588 Relevance: 7.5, APIs: 5, Instructions: 47COMMON
Function 10001E89 Relevance: 7.5, APIs: 5, Instructions: 41stringCOMMON
Function 004434F7 Relevance: 7.5, APIs: 5, Instructions: 30COMMON
Function 10005351 Relevance: 7.5, APIs: 5, Instructions: 30COMMON
Function 00416937 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 182threadwindowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00403A10 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 92sleepCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0044837A Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 80COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040A611 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 64threadCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0044AC83 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 61COMMONLIBRARYCODE
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00404B29 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47synchronizationCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0041284C Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 38registryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 100086E4 Relevance: 6.1, APIs: 4, Instructions: 110 COMMON
Function 0040B806 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 103 sleep COMMON
Function 004115FC Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 93 sleep COMMON
Function 00409C4B Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 71 sleep COMMON
Function 00442EE2 Relevance: 6.1, APIs: 4, Instructions: 63 COMMON
Function 00442F61 Relevance: 6.1, APIs: 4, Instructions: 59 COMMON
Function 00447420 Relevance: 6.1, APIs: 4, Instructions: 52 library COMMON LIBRARYCODE
Function 10005CE1 Relevance: 6.1, APIs: 4, Instructions: 52 library COMMON LIBRARYCODE
Function 00418702 Relevance: 6.0, APIs: 4, Instructions: 49 COMMON
Function 00450AEE Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 88 COMMON LIBRARYCODE
Function 004126C6 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 51 registry COMMON
Function 004479A0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 35 COMMON LIBRARYCODE
Function 0040AD56 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 32 keyboard COMMON
Function 0040ADB0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 24 keyboard COMMON
Function 00411771 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 13 synchronization COMMON
Execution Graph
Execution Coverage: | 6.2% |
Dynamic/Decrypted Code Coverage: | 9.2% |
Signature Coverage: | 1.3% |
Total number of Nodes: | 2000 |
Total number of Limit Nodes: | 77 |
Graph
Function 0040DD85 Relevance: 31.7, APIs: 15, Strings: 3, Instructions: 212 filenative COMMON
Function 00418758 Relevance: 4.6, APIs: 3, Instructions: 79 COMMON
Function 00404423 Relevance: 4.6, APIs: 3, Instructions: 51 libraryencryptionloader COMMON
Function 0040AE51 Relevance: 3.0, APIs: 2, Instructions: 39 file COMMON
Function 00418981 Relevance: 3.0, APIs: 2, Instructions: 28 COMMON
Function 0040B6EF Relevance: 30.1, APIs: 15, Strings: 2, Instructions: 388 file COMMON
Function 00413D4C Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 142 processlibraryloader COMMON
Function 0040E01E Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 120 file COMMON
Function 00413F4F Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 29 libraryloader COMMON
Function 0041837F Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 140 file COMMON
Function 00412465 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 88 window COMMON
Function 0040A804 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 40 library COMMON
Function 0040BDB0 Relevance: 12.2, APIs: 8, Instructions: 151 COMMON
Function 00414C2E Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 77 registry COMMON
Function 00413CA4 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27 libraryloadertime COMMON
Function 004087B3 Relevance: 7.7, APIs: 6, Instructions: 190 COMMON
Function 004148B6 Relevance: 6.1, APIs: 4, Instructions: 55 COMMON
Function 0044DEF7 Relevance: 6.0, APIs: 4, Instructions: 25 COMMON
Function 0040D092 Relevance: 5.1, APIs: 4, Instructions: 51 COMMON
Function 0040E4B2 Relevance: 4.6, APIs: 3, Instructions: 87 file COMMON
Function 004175ED Relevance: 4.5, APIs: 3, Instructions: 49 file COMMON
Function 00417570 Relevance: 4.5, APIs: 3, Instructions: 30 COMMON
Function 00409A45 Relevance: 4.5, APIs: 3, Instructions: 26 COMMON
Function 004175B7 Relevance: 4.5, APIs: 2, Strings: 1, Instructions: 24 sleep COMMON
Function 004099F4 Relevance: 3.8, APIs: 3, Instructions: 38 COMMON
Function 0040CC26 Relevance: 3.1, APIs: 2, Instructions: 53 COMMON
Function 0041BC3B Relevance: 2.7, APIs: 2, Instructions: 195 COMMON
Function 004104FB Relevance: 2.6, APIs: 2, Instructions: 140 COMMON
Function 004300E8 Relevance: 2.6, APIs: 2, Instructions: 103 COMMON
Function 0040B1AB Relevance: 2.5, APIs: 2, Instructions: 14 COMMON
Function 00403988 Relevance: 1.6, APIs: 1, Instructions: 56 time COMMON
Function 004062A6 Relevance: 1.5, APIs: 1, Instructions: 19 COMMON
Function 00414561 Relevance: 1.5, APIs: 1, Instructions: 19 COMMON
Function 00444A54 Relevance: 1.5, APIs: 1, Instructions: 18 COMMON
Function 00413F27 Relevance: 1.5, APIs: 1, Instructions: 15 COMMON
Function 0040A2EF Relevance: 1.5, APIs: 1, Instructions: 13 file COMMON
Function 0040A30E Relevance: 1.5, APIs: 1, Instructions: 13 file COMMON
Function 00413D29 Relevance: 1.5, APIs: 1, Instructions: 13 COMMON
Function 004096C3 Relevance: 1.5, APIs: 1, Instructions: 10 file COMMON
Function 004096DC Relevance: 1.5, APIs: 1, Instructions: 10 file COMMON
Function 0040B04B Relevance: 1.5, APIs: 1, Instructions: 9 COMMON
Function 004135E0 Relevance: 1.5, APIs: 1, Instructions: 8 COMMON
Function 0041493C Relevance: 1.5, APIs: 1, Instructions: 8 COMMON
Function 0044DEA5 Relevance: 1.5, APIs: 1, Instructions: 8 COMMON
Function 0040AEBE Relevance: 1.5, APIs: 1, Instructions: 8 COMMON
Function 00414592 Relevance: 1.5, APIs: 1, Instructions: 7 registry COMMON
Function 00409B98 Relevance: 1.5, APIs: 1, Instructions: 7 COMMON
Function 0041BE52 Relevance: 1.3, APIs: 1, Instructions: 99 COMMON
Function 004095D9 Relevance: 1.3, APIs: 1, Instructions: 66 COMMON
Function 00445403 Relevance: 1.3, APIs: 1, Instructions: 60 COMMON
Function 004068BF Relevance: 1.3, APIs: 1, Instructions: 59 COMMON
Function 00406214 Relevance: 1.3, APIs: 1, Instructions: 39 COMMON
Function 0040AFCF Relevance: 1.3, APIs: 1, Instructions: 12 COMMON
Function 0040B633 Relevance: 1.3, APIs: 1, Instructions: 10 COMMON
Function 0040AA04 Relevance: 1.3, APIs: 1, Instructions: 10 COMMON
Function 00415308 Relevance: 1.3, APIs: 1, Instructions: 5 COMMON
Function 004182CE Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 69 window COMMON
Function 0041739B Relevance: 1.5, APIs: 1, Instructions: 19 COMMON
Function 004131DC Relevance: 42.2, APIs: 22, Strings: 2, Instructions: 214 window COMMON
Function 00401198 Relevance: 39.2, APIs: 26, Instructions: 185 COMMON
Function 00411346 Relevance: 31.8, APIs: 13, Strings: 5, Instructions: 263 windowregistryclipboard COMMON
Function 0041352F Relevance: 31.5, APIs: 9, Strings: 9, Instructions: 41 libraryloader COMMON
Function 00408560 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 182 string COMMON
Function 004111C1 Relevance: 18.1, APIs: 12, Instructions: 113 COMMON
Function 0040C084 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 110 stringfile COMMON
Function 004060A4 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 97 timewindow COMMON
Function 0040D2AB Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 101 window COMMON
Function 004082C7 Relevance: 15.2, APIs: 10, Instructions: 229 COMMON
Function 004044A4 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 52 libraryloaderwindow COMMON
Function 0040A661 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 52 librarywindow COMMON
Function 0040A06C Relevance: 10.6, APIs: 7, Instructions: 63 time COMMON
Function 00404363 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 59 libraryloader COMMON
Function 004185CA Relevance: 9.1, APIs: 6, Instructions: 78 COMMON
Function 004174F5 Relevance: 9.1, APIs: 6, Instructions: 61 COMMON
Function 0041748F Relevance: 7.6, APIs: 5, Instructions: 53 COMMON
Function 0040D441 Relevance: 7.5, APIs: 5, Instructions: 49 COMMON
Function 00445093 Relevance: 7.5, APIs: 5, Instructions: 46 COMMON
Function 00401137 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 32 window COMMON
Function 004144BB Relevance: 6.1, APIs: 4, Instructions: 55 COMMON
Function 00417434 Relevance: 6.0, APIs: 4, Instructions: 48 COMMON
Function 0041437B Relevance: 6.0, APIs: 4, Instructions: 38 COMMON
Function 004134C6 Relevance: 6.0, APIs: 4, Instructions: 33 COMMON
Function 0040B1D1 Relevance: 5.1, APIs: 4, Instructions: 67 COMMON
Function 0040B0D1 Relevance: 5.1, APIs: 4, Instructions: 55 string COMMON
Function 004173E4 Relevance: 5.0, APIs: 4, Instructions: 41 COMMON