Windows
Analysis Report
SecuriteInfo.com.Gen.Heur.Munp.1.11072.7602.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- SecuriteInfo.com.Gen.Heur.Munp.1.11072.7602.exe (PID: 3168 cmdline:
"C:\Users\ user\Deskt op\Securit eInfo.com. Gen.Heur.M unp.1.1107 2.7602.exe " MD5: E3BF1BD1BB1678ECA7BC20F0DE65FB4F) - SecuriteInfo.com.Gen.Heur.Munp.1.11072.7602.tmp (PID: 3604 cmdline:
"C:\Users\ user\AppDa ta\Local\T emp\is-429 05.tmp\Sec uriteInfo. com.Gen.He ur.Munp.1. 11072.7602 .tmp" /SL5 ="$10434,2 865995,568 32,C:\User s\user\Des ktop\Secur iteInfo.co m.Gen.Heur .Munp.1.11 072.7602.e xe" MD5: ED4730120FE89130C401E2280D614D75) - gerdaplay3se32_64.exe (PID: 772 cmdline:
"C:\Users\ user\AppDa ta\Local\G erda Play3 SE\gerdap lay3se32_6 4.exe" -i MD5: C26B00F4D8662FF6FAF6841BDAED9586)
- cleanup
{"C2 list": ["heketoh.net"]}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Socks5Systemz | Yara detected Socks5Systemz | Joe Security | ||
JoeSecurity_Socks5Systemz | Yara detected Socks5Systemz | Joe Security | ||
JoeSecurity_Socks5Systemz | Yara detected Socks5Systemz | Joe Security |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-09-27T23:30:51.433551+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49736 | 185.196.8.214 | 80 | TCP |
2024-09-27T23:30:58.182310+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49738 | 185.196.8.214 | 80 | TCP |
2024-09-27T23:31:04.885128+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49739 | 185.196.8.214 | 80 | TCP |
2024-09-27T23:31:10.685863+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49740 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:13.697755+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49740 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:14.579307+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49742 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:15.504584+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49744 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:15.885024+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49744 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:16.763416+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49745 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:17.670685+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49746 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:18.570556+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49747 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:19.491503+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49748 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:19.889751+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49748 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:20.728634+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49749 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:21.633021+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49750 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:22.545452+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49751 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:23.400715+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49752 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:24.264093+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49753 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:25.164603+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49754 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:26.091434+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49755 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:26.941817+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49756 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:27.781324+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49757 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:28.631658+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49758 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:29.478363+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49759 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:29.853516+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49759 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:31.624022+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49760 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:32.506702+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49761 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:32.883431+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49761 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:33.727463+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49762 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:34.597846+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49763 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:35.519771+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49764 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:36.341997+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49765 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:37.179408+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49766 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:38.054745+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49767 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:38.418274+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49767 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:39.255678+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49768 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:39.619366+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49768 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:40.445356+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49769 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:41.369534+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49770 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:42.213051+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49771 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:43.033266+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49772 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:43.920621+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49773 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:44.749560+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49774 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:45.578373+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49775 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:46.400881+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49776 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:47.250686+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49777 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:48.084804+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49778 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:48.916872+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49779 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:49.931624+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49780 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:50.762993+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49781 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:51.599294+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49782 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:52.536822+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49783 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:53.371113+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49784 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:54.261607+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49785 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:55.212742+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49786 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:56.086627+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49787 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:56.994568+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49788 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:57.827499+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49789 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:58.662698+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49790 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:59.563816+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49791 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:32:00.440828+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49792 | 45.155.250.128 | 80 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-09-27T23:30:51.433551+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49736 | 185.196.8.214 | 80 | TCP |
2024-09-27T23:30:58.182310+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49738 | 185.196.8.214 | 80 | TCP |
2024-09-27T23:31:04.885128+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49739 | 185.196.8.214 | 80 | TCP |
2024-09-27T23:31:10.685863+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49740 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:13.697755+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49740 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:14.579307+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49742 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:15.504584+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49744 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:15.885024+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49744 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:16.763416+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49745 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:17.670685+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49746 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:18.570556+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49747 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:19.491503+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49748 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:19.889751+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49748 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:20.728634+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49749 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:21.633021+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49750 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:22.545452+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49751 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:23.400715+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49752 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:24.264093+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49753 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:25.164603+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49754 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:26.091434+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49755 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:26.941817+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49756 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:27.781324+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49757 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:28.631658+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49758 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:29.478363+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49759 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:29.853516+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49759 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:31.624022+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49760 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:32.506702+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49761 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:32.883431+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49761 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:33.727463+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49762 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:34.597846+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49763 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:35.519771+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49764 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:36.341997+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49765 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:37.179408+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49766 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:38.054745+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49767 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:38.418274+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49767 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:39.255678+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49768 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:39.619366+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49768 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:40.445356+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49769 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:41.369534+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49770 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:42.213051+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49771 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:43.033266+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49772 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:43.920621+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49773 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:44.749560+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49774 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:45.578373+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49775 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:46.400881+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49776 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:47.250686+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49777 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:48.084804+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49778 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:48.916872+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49779 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:49.931624+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49780 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:50.762993+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49781 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:51.599294+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49782 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:52.536822+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49783 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:53.371113+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49784 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:54.261607+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49785 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:55.212742+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49786 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:56.086627+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49787 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:56.994568+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49788 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:57.827499+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49789 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:58.662698+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49790 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:59.563816+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49791 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:32:00.440828+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49792 | 45.155.250.128 | 80 | TCP |
Click to jump to signature section
AV Detection |
---|
Source: | Malware Configuration Extractor: |
Source: | Integrated Neural Analysis Model: |
Source: | Joe Sandbox ML: | ||
Source: | Joe Sandbox ML: |
Source: | Code function: | 1_2_0045D230 | |
Source: | Code function: | 1_2_0045D2E4 | |
Source: | Code function: | 1_2_0045D2FC | |
Source: | Code function: | 1_2_10001000 | |
Source: | Code function: | 1_2_10001130 |
Compliance |
---|
Source: | Unpacked PE file: |
Source: | Static PE information: |
Source: | Registry value created: | Jump to behavior |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Code function: | 1_2_00452AD4 | |
Source: | Code function: | 1_2_004753C4 | |
Source: | Code function: | 1_2_00464200 | |
Source: | Code function: | 1_2_0049877C | |
Source: | Code function: | 1_2_004627F8 | |
Source: | Code function: | 1_2_00463D84 |
Networking |
---|
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: |
Source: | URLs: |
Source: | TCP traffic: |
Source: | IP Address: | ||
Source: | IP Address: |
Source: | ASN Name: | ||
Source: | ASN Name: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | Code function: | 2_2_02C172AB |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
System Summary |
---|
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Code function: | 1_2_0042F594 | |
Source: | Code function: | 1_2_00423B94 | |
Source: | Code function: | 1_2_004125E8 | |
Source: | Code function: | 1_2_00478EFC | |
Source: | Code function: | 1_2_0045763C |
Source: | Code function: | 1_2_0042E944 |
Source: | Code function: | 0_2_00409448 | |
Source: | Code function: | 1_2_0045568C |
Source: | Code function: | 0_2_0040840C | |
Source: | Code function: | 1_2_004708A0 | |
Source: | Code function: | 1_2_00480E7E | |
Source: | Code function: | 1_2_0043533C | |
Source: | Code function: | 1_2_0046744C | |
Source: | Code function: | 1_2_00488014 | |
Source: | Code function: | 1_2_004303D0 | |
Source: | Code function: | 1_2_0048E4AC | |
Source: | Code function: | 1_2_0044453C | |
Source: | Code function: | 1_2_00434638 | |
Source: | Code function: | 1_2_00444AE4 | |
Source: | Code function: | 1_2_00430F5C | |
Source: | Code function: | 1_2_004870B4 | |
Source: | Code function: | 1_2_0045F16C | |
Source: | Code function: | 1_2_004451DC | |
Source: | Code function: | 1_2_0045B21C | |
Source: | Code function: | 1_2_004694C8 | |
Source: | Code function: | 1_2_004455E8 | |
Source: | Code function: | 1_2_00451A30 | |
Source: | Code function: | 1_2_0043DDC4 | |
Source: | Code function: | 2_2_00401051 | |
Source: | Code function: | 2_2_00401C26 | |
Source: | Code function: | 2_2_02C2E18D | |
Source: | Code function: | 2_2_02C29E84 | |
Source: | Code function: | 2_2_02C34E29 | |
Source: | Code function: | 2_2_02C1EFB1 | |
Source: | Code function: | 2_2_02C2DC99 | |
Source: | Code function: | 2_2_02C28442 | |
Source: | Code function: | 2_2_02C2AC3A | |
Source: | Code function: | 2_2_02C2E5A5 | |
Source: | Code function: | 2_2_02C32DB4 | |
Source: | Code function: | 2_2_02C4B950 | |
Source: | Code function: | 2_2_02C4B4E5 | |
Source: | Code function: | 2_2_02C4BCEB | |
Source: | Code function: | 2_2_02C4BD58 |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | Code function: | 2_2_02C208B8 |
Source: | Code function: | 0_2_00409448 | |
Source: | Code function: | 1_2_0045568C |
Source: | Code function: | 1_2_00455EB4 |
Source: | Code function: | 2_2_0040270C |
Source: | Code function: | 1_2_0046E1E4 |
Source: | Code function: | 0_2_00409C34 |
Source: | Code function: | 2_2_0040254E |
Source: | Code function: | 2_2_0040254E |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Key value created or modified: | Jump to behavior |
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | File read: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Key value created or modified: | Jump to behavior |
Source: | Window found: | Jump to behavior |
Source: | Window detected: |
Source: | Registry value created: | Jump to behavior |
Source: | Static file information: |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Data Obfuscation |
---|
Source: | Unpacked PE file: |
Source: | Unpacked PE file: |
Source: | Code function: | 1_2_00450334 |
Source: | Static PE information: |
Source: | Code function: | 0_2_004065FD | |
Source: | Code function: | 0_2_004040F1 | |
Source: | Code function: | 0_2_00408109 | |
Source: | Code function: | 0_2_00404389 | |
Source: | Code function: | 0_2_00404389 | |
Source: | Code function: | 0_2_0040C219 | |
Source: | Code function: | 0_2_00404389 | |
Source: | Code function: | 0_2_00404389 | |
Source: | Code function: | 0_2_00408F63 | |
Source: | Code function: | 1_2_00484572 | |
Source: | Code function: | 1_2_00409991 | |
Source: | Code function: | 1_2_00458090 | |
Source: | Code function: | 1_2_004062C5 | |
Source: | Code function: | 1_2_004104F5 | |
Source: | Code function: | 1_2_00412993 | |
Source: | Code function: | 1_2_0049AD3F | |
Source: | Code function: | 1_2_0040CE4A | |
Source: | Code function: | 1_2_004593B4 | |
Source: | Code function: | 1_2_00495389 | |
Source: | Code function: | 1_2_0040F3AA | |
Source: | Code function: | 1_2_004054A9 | |
Source: | Code function: | 1_2_004434B8 | |
Source: | Code function: | 1_2_00405741 | |
Source: | Code function: | 1_2_00405741 | |
Source: | Code function: | 1_2_00405741 | |
Source: | Code function: | 1_2_00405741 | |
Source: | Code function: | 1_2_00451897 | |
Source: | Code function: | 1_2_00451A35 | |
Source: | Code function: | 1_2_00485B61 | |
Source: | Code function: | 1_2_00419C3D | |
Source: | Code function: | 1_2_0045FDC8 |
Persistence and Installation Behavior |
---|
Source: | Code function: | 2_2_00401A4F | |
Source: | Code function: | 2_2_02C1F7DA |
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Source: | File created: | Jump to dropped file |
Boot Survival |
---|
Source: | Code function: | 2_2_00401A4F | |
Source: | Code function: | 2_2_02C1F7DA |
Source: | Code function: | 2_2_0040254E |
Source: | Code function: | 1_2_00423C1C | |
Source: | Code function: | 1_2_00423C1C | |
Source: | Code function: | 1_2_004241EC | |
Source: | Code function: | 1_2_004241A4 | |
Source: | Code function: | 1_2_00418394 | |
Source: | Code function: | 1_2_0042286C | |
Source: | Code function: | 1_2_0042F2F0 | |
Source: | Code function: | 1_2_004175A8 | |
Source: | Code function: | 1_2_00417CDE | |
Source: | Code function: | 1_2_00417CE0 | |
Source: | Code function: | 1_2_00483E20 |
Source: | Code function: | 1_2_0041F128 |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Source: | Code function: | 2_2_00401B4B | |
Source: | Code function: | 2_2_02C1F8DE |
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file |
Source: | Evasive API call chain: | graph_0-5976 |
Source: | Evasive API call chain: | graph_2-20953 |
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | Code function: | 1_2_00452AD4 | |
Source: | Code function: | 1_2_004753C4 | |
Source: | Code function: | 1_2_00464200 | |
Source: | Code function: | 1_2_0049877C | |
Source: | Code function: | 1_2_004627F8 | |
Source: | Code function: | 1_2_00463D84 |
Source: | Code function: | 0_2_00409B78 |
Source: | Thread delayed: | Jump to behavior |
Source: | Binary or memory string: |
Source: | API call chain: | graph_0-6773 | ||
Source: | API call chain: | graph_2-21173 |
Source: | Process information queried: | Jump to behavior |
Source: | Code function: | 2_2_02C300FE |
Source: | Code function: | 2_2_02C300FE |
Source: | Code function: | 1_2_00450334 |
Source: | Code function: | 2_2_02C1648B |
Source: | Code function: | 2_2_02C29468 |
Source: | Code function: | 1_2_00478940 |
Source: | Code function: | 1_2_0042EE28 |
Source: | Code function: | 1_2_0042E0AC |
Source: | Code function: | 2_2_02C1F792 |
Source: | Code function: | 0_2_0040520C | |
Source: | Code function: | 0_2_00405258 | |
Source: | Code function: | 1_2_00408578 | |
Source: | Code function: | 1_2_004085C4 |
Source: | Code function: | 1_2_00458670 |
Source: | Code function: | 0_2_004026C4 |
Source: | Code function: | 1_2_00455644 |
Source: | Code function: | 0_2_00405CF4 |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 3 Native API | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 1 Deobfuscate/Decode Files or Information | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | 5 Windows Service | 1 DLL Side-Loading | 2 Obfuscated Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | 2 Service Execution | 1 Bootkit | 1 Access Token Manipulation | 2 Software Packing | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 5 Windows Service | 1 DLL Side-Loading | NTDS | 35 System Information Discovery | Distributed Component Object Model | Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 2 Process Injection | 1 Masquerading | LSA Secrets | 41 Security Software Discovery | SSH | Keylogging | 112 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 21 Virtualization/Sandbox Evasion | Cached Domain Credentials | 1 Process Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Access Token Manipulation | DCSync | 21 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 2 Process Injection | Proc Filesystem | 11 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Bootkit | /etc/passwd and /etc/shadow | 3 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | Dynamic API Resolution | Network Sniffing | 1 Remote System Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | Stripped Payloads | Input Capture | 1 System Network Configuration Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
11% | ReversingLabs | Win32.Trojan.Munp |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Joe Sandbox ML | |||
100% | Joe Sandbox ML | |||
0% | ReversingLabs | |||
0% | ReversingLabs | |||
0% | ReversingLabs | |||
0% | ReversingLabs | |||
0% | ReversingLabs | |||
5% | ReversingLabs | |||
0% | ReversingLabs | |||
0% | ReversingLabs | |||
0% | ReversingLabs | |||
0% | ReversingLabs | |||
5% | ReversingLabs | |||
0% | ReversingLabs | |||
0% | ReversingLabs | |||
0% | ReversingLabs | |||
0% | ReversingLabs |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
heketoh.net | 45.155.250.128 | true | true | unknown | |
bngrkdw.com | 185.196.8.214 | true | true | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true | unknown | ||
true | unknown | ||
true | unknown | ||
true | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false | unknown | |||
false | unknown | |||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false | unknown | |||
false |
| unknown | ||
false |
| unknown | ||
false | unknown | |||
false | unknown | |||
false |
| unknown | ||
false |
| unknown | ||
false | unknown | |||
false | unknown | |||
false |
| unknown | ||
false |
| unknown | ||
false | unknown | |||
false |
| unknown | ||
false |
| unknown | ||
false | unknown | |||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false | unknown | |||
false |
| unknown | ||
false | unknown | |||
false |
| unknown | ||
false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
195.154.173.35 | unknown | France | 12876 | OnlineSASFR | false | |
45.155.250.128 | heketoh.net | Germany | 34549 | MEER-ASmeerfarbigGmbHCoKGDE | true | |
185.196.8.214 | bngrkdw.com | Switzerland | 34888 | SIMPLECARRER2IT | true |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1520807 |
Start date and time: | 2024-09-27 23:29:05 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 50s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 7 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | SecuriteInfo.com.Gen.Heur.Munp.1.11072.7602.exe |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@5/26@2/3 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtQueryValueKey calls found.
- VT rate limit hit for: SecuriteInfo.com.Gen.Heur.Munp.1.11072.7602.exe
Time | Type | Description |
---|---|---|
17:30:30 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
195.154.173.35 | Get hash | malicious | Socks5Systemz | Browse | ||
Get hash | malicious | Socks5Systemz | Browse | |||
Get hash | malicious | LummaC, Socks5Systemz | Browse | |||
Get hash | malicious | Socks5Systemz | Browse | |||
Get hash | malicious | Socks5Systemz | Browse | |||
Get hash | malicious | Socks5Systemz | Browse | |||
Get hash | malicious | Socks5Systemz | Browse | |||
Get hash | malicious | Socks5Systemz | Browse | |||
Get hash | malicious | Socks5Systemz | Browse | |||
Get hash | malicious | Socks5Systemz | Browse | |||
45.155.250.128 | Get hash | malicious | Socks5Systemz | Browse | ||
Get hash | malicious | Socks5Systemz | Browse | |||
Get hash | malicious | Socks5Systemz | Browse | |||
185.196.8.214 | Get hash | malicious | Socks5Systemz | Browse | ||
Get hash | malicious | Socks5Systemz | Browse | |||
Get hash | malicious | Socks5Systemz | Browse | |||
Get hash | malicious | Socks5Systemz | Browse | |||
Get hash | malicious | Socks5Systemz | Browse | |||
Get hash | malicious | Socks5Systemz | Browse | |||
Get hash | malicious | Socks5Systemz | Browse | |||
Get hash | malicious | Socks5Systemz | Browse | |||
Get hash | malicious | Socks5Systemz | Browse | |||
Get hash | malicious | Socks5Systemz | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
MEER-ASmeerfarbigGmbHCoKGDE | Get hash | malicious | Socks5Systemz | Browse |
| |
Get hash | malicious | Socks5Systemz | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Socks5Systemz | Browse |
| ||
Get hash | malicious | Socks5Systemz | Browse |
| ||
Get hash | malicious | Socks5Systemz | Browse |
| ||
Get hash | malicious | Socks5Systemz | Browse |
| ||
Get hash | malicious | Socks5Systemz | Browse |
| ||
Get hash | malicious | Socks5Systemz | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
SIMPLECARRER2IT | Get hash | malicious | Socks5Systemz | Browse |
| |
Get hash | malicious | Socks5Systemz | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Clipboard Hijacker, Cryptbot, Neoreklami, Socks5Systemz | Browse |
| ||
Get hash | malicious | Socks5Systemz | Browse |
| ||
Get hash | malicious | Socks5Systemz | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | Socks5Systemz | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
OnlineSASFR | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Socks5Systemz | Browse |
| ||
Get hash | malicious | Socks5Systemz | Browse |
| ||
Get hash | malicious | LummaC, Socks5Systemz | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Socks5Systemz | Browse |
| ||
Get hash | malicious | Socks5Systemz | Browse |
| ||
Get hash | malicious | Socks5Systemz | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
C:\Users\user\AppData\Local\Gerda Play3 SE\Qt5OpenGL.dll (copy) | Get hash | malicious | Socks5Systemz | Browse | ||
Get hash | malicious | Socks5Systemz | Browse | |||
Get hash | malicious | Clipboard Hijacker, Cryptbot, Neoreklami, Socks5Systemz | Browse | |||
Get hash | malicious | Socks5Systemz | Browse | |||
Get hash | malicious | Socks5Systemz | Browse | |||
Get hash | malicious | LummaC, Amadey, CryptOne, LummaC Stealer, PureLog Stealer, RedLine, Socks5Systemz | Browse | |||
Get hash | malicious | Socks5Systemz | Browse | |||
Get hash | malicious | Socks5Systemz | Browse | |||
Get hash | malicious | Socks5Systemz | Browse | |||
Get hash | malicious | Socks5Systemz | Browse |
Process: | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se32_64.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2662400 |
Entropy (8bit): | 6.852886528764481 |
Encrypted: | false |
SSDEEP: | 49152:j+mwVVY6PCW6coGceGNSznL8D3MdgENHObtCB:WyvW2GceGNS/O3MBHatC |
MD5: | C26B00F4D8662FF6FAF6841BDAED9586 |
SHA1: | 8414CD9E41DF37F3668C733A8E543C491A60839E |
SHA-256: | C6BF8DFD634EB5132150DB0E7166FEBA65AC808AA96ED549EDDE23E835223500 |
SHA-512: | FAC1FE2C6A0CB9033CCF677E6B378801212B41A46B50C968BE17178A242407D1C918BA0B8AB7B1EBF0205032F7B3498C0C613B5EC3DD7FE84CE31DDCD6D98DF2 |
Malicious: | true |
Antivirus: |
|
Reputation: | low |
Preview: |
Process: | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se32_64.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8 |
Entropy (8bit): | 2.0 |
Encrypted: | false |
SSDEEP: | 3:4SDll/:4Sz |
MD5: | EB6569CFE65E66CF29D5F2B14084332D |
SHA1: | 1440B025FD9E59C96476453ED8E0ED7511F75B94 |
SHA-256: | AE5045EA49465E118496B70E9AB353A73697918383392477DF8C3B2A09FBBF2C |
SHA-512: | 6A1D755DC7740F3BB564DC9A5A5A1A0C9DC619BD854C006EBA0E7CF3E74ECD8014CAC740C629DB7061E8D6FD3DA55CF9AE19703EE06B071851C6769D6D9B06CF |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se32_64.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:G:G |
MD5: | 5AAA15985431EDED3473BE4286F8DF07 |
SHA1: | 9003157CE8CC9D5550ADF9B1EF677881AC34ECC3 |
SHA-256: | E2733B3DB9D93B0AC4E656AA12B839B92D1B7E1A4C5D97C74CB05C700672CC87 |
SHA-512: | EB018B81A598E25CFAE1FC22E038740D2A6466C9C35874345EDF14BC1A6DCBA9E477165CF64DD610C3FE1ED7ECB98F4B66779E6736989007EEAD9C40A1454718 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se32_64.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 128 |
Entropy (8bit): | 2.9545817380615236 |
Encrypted: | false |
SSDEEP: | 3:SmwW3Fde9UUDrjStGs/:Smze7DPStGM |
MD5: | 98DDA7FC0B3E548B68DE836D333D1539 |
SHA1: | D0CB784FA2BBD3BDE2BA4400211C3B613638F1C6 |
SHA-256: | 870555CDCBA1F066D893554731AE99A21AE776D41BCB680CBD6510CB9F420E3D |
SHA-512: | E79BD8C2E0426DBEBA8AC2350DA66DC0413F79860611A05210905506FEF8B80A60BB7E76546B0CE9C6E6BC9DDD4BC66FF4C438548F26187EAAF6278F769B3AC1 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se32_64.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 128 |
Entropy (8bit): | 1.7095628900165245 |
Encrypted: | false |
SSDEEP: | 3:LDXdQSWBdMUE/:LLdQSGd |
MD5: | 4FFFD4D2A32CBF8FB78D521B4CC06680 |
SHA1: | 3FA6EFA82F738740179A9388D8046619C7EBDF54 |
SHA-256: | EC52F73A17E6AFCF78F3FD8DFC7177024FEB52F5AC2B602886788E4348D5FB68 |
SHA-512: | 130A074E6AD38EEE2FB088BED2FCB939BF316B0FCBB4F5455AB49C2685BEEDCB5011107A22A153E56BF5E54A45CA4801C56936E71899C99BA9A4F694A1D4CC6D |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-42905.tmp\SecuriteInfo.com.Gen.Heur.Munp.1.11072.7602.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 334848 |
Entropy (8bit): | 6.5257884005400015 |
Encrypted: | false |
SSDEEP: | 6144:JmuFcP82IqE5RSbvQpYVgMW2i32blpDW2pmoZ1:JmuFc02IqE7SbLVgR1O |
MD5: | C1D465E061D7D02895DAEB19BDB28AC9 |
SHA1: | 5E729EE51DF080545C7031D771B85094A2B2D4E9 |
SHA-256: | 777917D30F277A9E88D8FC04E69B955A2B0BD3F2BCF2E36F7F9CFFEF2583EE60 |
SHA-512: | 438ADAA0AC3AD47621D288E3FF56493CC7DE4E2A89FC5420E246A6045DB79E7CB84A28D3F3420841340AB33BD632F12FDC3A4E9D8EF99601CA9F975B7F8309E1 |
Malicious: | false |
Antivirus: |
|
Joe Sandbox View: |
|
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-42905.tmp\SecuriteInfo.com.Gen.Heur.Munp.1.11072.7602.tmp |
File Type: | |
Category: | modified |
Size (bytes): | 2662400 |
Entropy (8bit): | 6.852886528764481 |
Encrypted: | false |
SSDEEP: | 49152:j+mwVVY6PCW6coGceGNSznL8D3MdgENHObtCB:WyvW2GceGNS/O3MBHatC |
MD5: | C26B00F4D8662FF6FAF6841BDAED9586 |
SHA1: | 8414CD9E41DF37F3668C733A8E543C491A60839E |
SHA-256: | C6BF8DFD634EB5132150DB0E7166FEBA65AC808AA96ED549EDDE23E835223500 |
SHA-512: | FAC1FE2C6A0CB9033CCF677E6B378801212B41A46B50C968BE17178A242407D1C918BA0B8AB7B1EBF0205032F7B3498C0C613B5EC3DD7FE84CE31DDCD6D98DF2 |
Malicious: | true |
Antivirus: |
|
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-42905.tmp\SecuriteInfo.com.Gen.Heur.Munp.1.11072.7602.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 499712 |
Entropy (8bit): | 6.414789978441117 |
Encrypted: | false |
SSDEEP: | 12288:fJzxYPVsBnxO/R7krZhUgiW6QR7t5k3Ooc8iHkC2eq:fZxvBnxOJ7ki3Ooc8iHkC2e |
MD5: | 561FA2ABB31DFA8FAB762145F81667C2 |
SHA1: | C8CCB04EEDAC821A13FAE314A2435192860C72B8 |
SHA-256: | DF96156F6A548FD6FE5672918DE5AE4509D3C810A57BFFD2A91DE45A3ED5B23B |
SHA-512: | 7D960AA8E3CCE22D63A6723D7F00C195DE7DE83B877ECA126E339E2D8CC9859E813E05C5C0A5671A75BB717243E9295FD13E5E17D8C6660EB59F5BAEE63A7C43 |
Malicious: | false |
Antivirus: |
|
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-42905.tmp\SecuriteInfo.com.Gen.Heur.Munp.1.11072.7602.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 719720 |
Entropy (8bit): | 6.620042925263483 |
Encrypted: | false |
SSDEEP: | 12288:ST+z0ucMr64M+yiwUqfWY/EThHzgOXfpwN9Cu66vLHL1e13XYFU8HtUDsMBPxtFe:FPAeKLL1e6kpqsookesEiU1xJycD4R1z |
MD5: | 20B6B06BBD211A8ACFE51193653E4167 |
SHA1: | 817D442B46DD6F35FD9641E0C7262C934ED76848 |
SHA-256: | 7A16E6ED0C0A49AEB8EA4972600A7A1422C92550602A150634B1C221F79300B4 |
SHA-512: | 0F0C31D46E7274F28F62AFBBB4A172CB088AF40F6C71A56297B08D83D16548C0A4FDA4CF5F4A29C1445EEDF15FE81FC405E2EB8680F92C744406D031A05A72C8 |
Malicious: | true |
Antivirus: |
|
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-42905.tmp\SecuriteInfo.com.Gen.Heur.Munp.1.11072.7602.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 334848 |
Entropy (8bit): | 6.5257884005400015 |
Encrypted: | false |
SSDEEP: | 6144:JmuFcP82IqE5RSbvQpYVgMW2i32blpDW2pmoZ1:JmuFc02IqE7SbLVgR1O |
MD5: | C1D465E061D7D02895DAEB19BDB28AC9 |
SHA1: | 5E729EE51DF080545C7031D771B85094A2B2D4E9 |
SHA-256: | 777917D30F277A9E88D8FC04E69B955A2B0BD3F2BCF2E36F7F9CFFEF2583EE60 |
SHA-512: | 438ADAA0AC3AD47621D288E3FF56493CC7DE4E2A89FC5420E246A6045DB79E7CB84A28D3F3420841340AB33BD632F12FDC3A4E9D8EF99601CA9F975B7F8309E1 |
Malicious: | false |
Antivirus: |
|
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-42905.tmp\SecuriteInfo.com.Gen.Heur.Munp.1.11072.7602.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 2662400 |
Entropy (8bit): | 6.852886332276073 |
Encrypted: | false |
SSDEEP: | 49152:g+mwVVY6PCW6coGceGNSznL8D3MdgENHObtCB:DyvW2GceGNS/O3MBHatC |
MD5: | B62B755737360199A16A0D76CF88A4E7 |
SHA1: | 059ED8D812416DD8E308BF1C7B77710C114A86A5 |
SHA-256: | 13255B9D2D77D136BDDFD7432C479B47DE4DB3BE92C7FD3DEB53340EF75D89D7 |
SHA-512: | C1763A1E5CCCAF0AEAB0E53F62C0B266181F6638601EDE122B4262487ADA5900A7C2CEA7E91F2686A14D459FE60A3B280AD1416E06746E24740AD30DBCE72BEC |
Malicious: | false |
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-42905.tmp\SecuriteInfo.com.Gen.Heur.Munp.1.11072.7602.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 1471856 |
Entropy (8bit): | 6.8308189184145665 |
Encrypted: | false |
SSDEEP: | 24576:6PQ+KpPa3kPjWWJy+0PX7PM6ZB9In8QmMMWwI6/I+no9R2aFVWKZxPo89/xc3lRc:brWW0jnMVpUBuwemQnGP8RqYr1mpbk3 |
MD5: | A236287C42F921D109475D47E9DCAC2B |
SHA1: | 6D7C177A0AC3076383669BCE46608EB4B6B787EC |
SHA-256: | 63AA600A7C914C2D59280069169CC93E750E42C9A1146E238C9128E073D578FD |
SHA-512: | C325B12235AD77937E3799F1406EB6AA3BC5479BFDFF0EA2F2178FE243E63689AC37BB539ADCBB326B0DE6C09B884771AD57F59184A5B69065682855382ADD8A |
Malicious: | true |
Antivirus: |
|
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-42905.tmp\SecuriteInfo.com.Gen.Heur.Munp.1.11072.7602.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 348160 |
Entropy (8bit): | 6.542655141037356 |
Encrypted: | false |
SSDEEP: | 6144:OcV9z83OtqxnEYmt3NEnvfF+Tbmbw6An8FMciFMNrb3YgxxpbCAOxO2ElvlE:Ooz83OtIEzW+/m/AyF7bCrO/E |
MD5: | 86F1895AE8C5E8B17D99ECE768A70732 |
SHA1: | D5502A1D00787D68F548DDEEBBDE1ECA5E2B38CA |
SHA-256: | 8094AF5EE310714CAEBCCAEEE7769FFB08048503BA478B879EDFEF5F1A24FEFE |
SHA-512: | 3B7CE2B67056B6E005472B73447D2226677A8CADAE70428873F7EFA5ED11A3B3DBF6B1A42C5B05B1F2B1D8E06FF50DFC6532F043AF8452ED87687EEFBF1791DA |
Malicious: | false |
Antivirus: |
|
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-42905.tmp\SecuriteInfo.com.Gen.Heur.Munp.1.11072.7602.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 392048 |
Entropy (8bit): | 6.542831007177094 |
Encrypted: | false |
SSDEEP: | 6144:1eIwnft+S34NVSTjMFR+oVbKQfbno1/1oz6i2EDSD4I+XdtQXGMiFcoOjAWcIhbl:1eIwnft+S34NVSTQD+oVbKQfrC/1ct25 |
MD5: | EE856A00410ECED8CC609936D01F954E |
SHA1: | 705D378626AEC86FECFDF04C86244006BC3AF431 |
SHA-256: | B6192300D3C1476EF3C25A368D055AA401035E78F9F6DBE5F93C84D36EF1FA62 |
SHA-512: | 666D731247DAEAE4B57925DFA8CAE845327FD34E0F6B9AAD1BCF471D1800D7E8AF5642A5FB6E0EC58BA3AC7DD98A6D3FE0B473F34C16FFB9985621C98C0463EF |
Malicious: | true |
Antivirus: |
|
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-42905.tmp\SecuriteInfo.com.Gen.Heur.Munp.1.11072.7602.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 1471856 |
Entropy (8bit): | 6.8308189184145665 |
Encrypted: | false |
SSDEEP: | 24576:6PQ+KpPa3kPjWWJy+0PX7PM6ZB9In8QmMMWwI6/I+no9R2aFVWKZxPo89/xc3lRc:brWW0jnMVpUBuwemQnGP8RqYr1mpbk3 |
MD5: | A236287C42F921D109475D47E9DCAC2B |
SHA1: | 6D7C177A0AC3076383669BCE46608EB4B6B787EC |
SHA-256: | 63AA600A7C914C2D59280069169CC93E750E42C9A1146E238C9128E073D578FD |
SHA-512: | C325B12235AD77937E3799F1406EB6AA3BC5479BFDFF0EA2F2178FE243E63689AC37BB539ADCBB326B0DE6C09B884771AD57F59184A5B69065682855382ADD8A |
Malicious: | true |
Antivirus: |
|
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-42905.tmp\SecuriteInfo.com.Gen.Heur.Munp.1.11072.7602.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 719720 |
Entropy (8bit): | 6.620042925263483 |
Encrypted: | false |
SSDEEP: | 12288:ST+z0ucMr64M+yiwUqfWY/EThHzgOXfpwN9Cu66vLHL1e13XYFU8HtUDsMBPxtFe:FPAeKLL1e6kpqsookesEiU1xJycD4R1z |
MD5: | 20B6B06BBD211A8ACFE51193653E4167 |
SHA1: | 817D442B46DD6F35FD9641E0C7262C934ED76848 |
SHA-256: | 7A16E6ED0C0A49AEB8EA4972600A7A1422C92550602A150634B1C221F79300B4 |
SHA-512: | 0F0C31D46E7274F28F62AFBBB4A172CB088AF40F6C71A56297B08D83D16548C0A4FDA4CF5F4A29C1445EEDF15FE81FC405E2EB8680F92C744406D031A05A72C8 |
Malicious: | true |
Antivirus: |
|
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-42905.tmp\SecuriteInfo.com.Gen.Heur.Munp.1.11072.7602.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 499712 |
Entropy (8bit): | 6.414789978441117 |
Encrypted: | false |
SSDEEP: | 12288:fJzxYPVsBnxO/R7krZhUgiW6QR7t5k3Ooc8iHkC2eq:fZxvBnxOJ7ki3Ooc8iHkC2e |
MD5: | 561FA2ABB31DFA8FAB762145F81667C2 |
SHA1: | C8CCB04EEDAC821A13FAE314A2435192860C72B8 |
SHA-256: | DF96156F6A548FD6FE5672918DE5AE4509D3C810A57BFFD2A91DE45A3ED5B23B |
SHA-512: | 7D960AA8E3CCE22D63A6723D7F00C195DE7DE83B877ECA126E339E2D8CC9859E813E05C5C0A5671A75BB717243E9295FD13E5E17D8C6660EB59F5BAEE63A7C43 |
Malicious: | false |
Antivirus: |
|
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-42905.tmp\SecuriteInfo.com.Gen.Heur.Munp.1.11072.7602.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 348160 |
Entropy (8bit): | 6.542655141037356 |
Encrypted: | false |
SSDEEP: | 6144:OcV9z83OtqxnEYmt3NEnvfF+Tbmbw6An8FMciFMNrb3YgxxpbCAOxO2ElvlE:Ooz83OtIEzW+/m/AyF7bCrO/E |
MD5: | 86F1895AE8C5E8B17D99ECE768A70732 |
SHA1: | D5502A1D00787D68F548DDEEBBDE1ECA5E2B38CA |
SHA-256: | 8094AF5EE310714CAEBCCAEEE7769FFB08048503BA478B879EDFEF5F1A24FEFE |
SHA-512: | 3B7CE2B67056B6E005472B73447D2226677A8CADAE70428873F7EFA5ED11A3B3DBF6B1A42C5B05B1F2B1D8E06FF50DFC6532F043AF8452ED87687EEFBF1791DA |
Malicious: | false |
Antivirus: |
|
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-42905.tmp\SecuriteInfo.com.Gen.Heur.Munp.1.11072.7602.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 392048 |
Entropy (8bit): | 6.542831007177094 |
Encrypted: | false |
SSDEEP: | 6144:1eIwnft+S34NVSTjMFR+oVbKQfbno1/1oz6i2EDSD4I+XdtQXGMiFcoOjAWcIhbl:1eIwnft+S34NVSTQD+oVbKQfrC/1ct25 |
MD5: | EE856A00410ECED8CC609936D01F954E |
SHA1: | 705D378626AEC86FECFDF04C86244006BC3AF431 |
SHA-256: | B6192300D3C1476EF3C25A368D055AA401035E78F9F6DBE5F93C84D36EF1FA62 |
SHA-512: | 666D731247DAEAE4B57925DFA8CAE845327FD34E0F6B9AAD1BCF471D1800D7E8AF5642A5FB6E0EC58BA3AC7DD98A6D3FE0B473F34C16FFB9985621C98C0463EF |
Malicious: | true |
Antivirus: |
|
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-42905.tmp\SecuriteInfo.com.Gen.Heur.Munp.1.11072.7602.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 720033 |
Entropy (8bit): | 6.5224445917545 |
Encrypted: | false |
SSDEEP: | 12288:sQCCh1TaLSSKrPD37zzH2A6QGgx/nstpq9KgER19zrNidbZgUHayxyF8:sQPh1eLSSKrPD37zzH2A6QD/srqggE7M |
MD5: | 6D1FF7EBD3B8DB9F7CD19341A7B31385 |
SHA1: | 50A560D45C5277CDE22940C59B03FC93726466B6 |
SHA-256: | C6AF8C9BC1DEF641E24516494D81A8988B348138E42F874EB09B7FF27BEBED50 |
SHA-512: | 3F281DC79656C8614622474BB778000730EDCB4C0C8D9EDA907632A4F56A5A3F839644D37E5BF985FB990E1E3DF219BBA8D6F6D7F26D3B608BC77334CBC8A61D |
Malicious: | true |
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-42905.tmp\SecuriteInfo.com.Gen.Heur.Munp.1.11072.7602.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 4467 |
Entropy (8bit): | 4.627746999674898 |
Encrypted: | false |
SSDEEP: | 96:jcSz8Wtjv88apflLY6sJ9X+eOIh2v4cVSQs0L4b3i:jc88Wtb89pNLYaHIhNcVSQ13 |
MD5: | 34FE59A93CF931AA9201901FC1678879 |
SHA1: | A3330CE78F4C631A4E57F2801642C5460EFB3E40 |
SHA-256: | E07C25AEC1E4D3DE008E1843C0B6C7B9B6E03BBBFB0BA36F0A4ADC80809A11AC |
SHA-512: | 1B9D2C5AACEDB243C591DDDA5E519EF75F73A8FAA9FFB5E35A289637CCD9FC03F12EBC70C2F12D267C925FF8E7228726A561A21ED98189DEDFA937DDAA9CF1CC |
Malicious: | false |
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-42905.tmp\SecuriteInfo.com.Gen.Heur.Munp.1.11072.7602.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 720033 |
Entropy (8bit): | 6.5224445917545 |
Encrypted: | false |
SSDEEP: | 12288:sQCCh1TaLSSKrPD37zzH2A6QGgx/nstpq9KgER19zrNidbZgUHayxyF8:sQPh1eLSSKrPD37zzH2A6QD/srqggE7M |
MD5: | 6D1FF7EBD3B8DB9F7CD19341A7B31385 |
SHA1: | 50A560D45C5277CDE22940C59B03FC93726466B6 |
SHA-256: | C6AF8C9BC1DEF641E24516494D81A8988B348138E42F874EB09B7FF27BEBED50 |
SHA-512: | 3F281DC79656C8614622474BB778000730EDCB4C0C8D9EDA907632A4F56A5A3F839644D37E5BF985FB990E1E3DF219BBA8D6F6D7F26D3B608BC77334CBC8A61D |
Malicious: | true |
Preview: |
C:\Users\user\AppData\Local\Temp\is-42905.tmp\SecuriteInfo.com.Gen.Heur.Munp.1.11072.7602.tmp
Download File
Process: | C:\Users\user\Desktop\SecuriteInfo.com.Gen.Heur.Munp.1.11072.7602.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 708608 |
Entropy (8bit): | 6.514147155960057 |
Encrypted: | false |
SSDEEP: | 12288:UQCCh1TaLSSKrPD37zzH2A6QGgx/nstpq9KgER19zrNidbZgUHayxyF:UQPh1eLSSKrPD37zzH2A6QD/srqggE7X |
MD5: | ED4730120FE89130C401E2280D614D75 |
SHA1: | 79B9B7688EDEBB9F85B54B102251E5D0CFCEE13A |
SHA-256: | 36339134E74DFE0D059CF5974DBD60AB6FA18059A58BD3511A4DD432EFAF0B49 |
SHA-512: | 22AB0ABCF85A58FCD32AD7F9EBA0DA2C95AA965622A77AFA1E04BB1B69E89A3DCB5A0D0117022D0C95278C365C00AAF20DC6249955EC819E7422A36496411CDA |
Malicious: | true |
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-42905.tmp\SecuriteInfo.com.Gen.Heur.Munp.1.11072.7602.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 2560 |
Entropy (8bit): | 2.8818118453929262 |
Encrypted: | false |
SSDEEP: | 24:e1GSgDIX566lIB6SXvVmMPUjvhBrDsqZ:SgDKRlVImgUNBsG |
MD5: | A69559718AB506675E907FE49DEB71E9 |
SHA1: | BC8F404FFDB1960B50C12FF9413C893B56F2E36F |
SHA-256: | 2F6294F9AA09F59A574B5DCD33BE54E16B39377984F3D5658CDA44950FA0F8FC |
SHA-512: | E52E0AA7FE3F79E36330C455D944653D449BA05B2F9ABEE0914A0910C3452CFA679A40441F9AC696B3CCF9445CBB85095747E86153402FC362BB30AC08249A63 |
Malicious: | true |
Antivirus: |
|
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-42905.tmp\SecuriteInfo.com.Gen.Heur.Munp.1.11072.7602.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 6144 |
Entropy (8bit): | 4.720366600008286 |
Encrypted: | false |
SSDEEP: | 96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0 |
MD5: | E4211D6D009757C078A9FAC7FF4F03D4 |
SHA1: | 019CD56BA687D39D12D4B13991C9A42EA6BA03DA |
SHA-256: | 388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95 |
SHA-512: | 17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E |
Malicious: | false |
Antivirus: |
|
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-42905.tmp\SecuriteInfo.com.Gen.Heur.Munp.1.11072.7602.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 23312 |
Entropy (8bit): | 4.596242908851566 |
Encrypted: | false |
SSDEEP: | 384:+Vm08QoKkiWZ76UJuP71W55iWHHoSHigH2euwsHTGHVb+VHHmnH+aHjHqLHxmoq1:2m08QotiCjJuPGw4 |
MD5: | 92DC6EF532FBB4A5C3201469A5B5EB63 |
SHA1: | 3E89FF837147C16B4E41C30D6C796374E0B8E62C |
SHA-256: | 9884E9D1B4F8A873CCBD81F8AD0AE257776D2348D027D811A56475E028360D87 |
SHA-512: | 9908E573921D5DBC3454A1C0A6C969AB8A81CC2E8B5385391D46B1A738FB06A76AA3282E0E58D0D2FFA6F27C85668CD5178E1500B8A39B1BBAE04366AE6A86D3 |
Malicious: | false |
Antivirus: |
|
Preview: |
File type: | |
Entropy (8bit): | 7.997414341698663 |
TrID: |
|
File name: | SecuriteInfo.com.Gen.Heur.Munp.1.11072.7602.exe |
File size: | 3'132'268 bytes |
MD5: | e3bf1bd1bb1678eca7bc20f0de65fb4f |
SHA1: | b38add3571b79a31f906cfb92c895d9a65a8d14b |
SHA256: | 7766b5020c69d2f96d2d86100ee8137ed27764b0b21dddbd398d5b06b3002275 |
SHA512: | 12cf0c784ff7aa6516b77336368f554e06f5f39fb727d6212637827dda47b0ad50206d831569136fd6bae5a6cef3f63ffbcb54be2a3c0d988bcf5b14ff0806e5 |
SSDEEP: | 49152:e9+8Ys06B8clbzPhNEhOSG8Q+lJt7xthsyvm3egYBombb6rQngVOwPuYCd3Cs7Y2:4+q06WWcMR8JtxGzYBT6rQnjw2V3m2 |
TLSH: | C8E53343EAD7CD31DB21DD780E7A929161226D2A44738E1CA2ECECCC6F2798C5987747 |
File Content Preview: | MZP.....................@...............................................!..L.!..This program must be run under Win32..$7....................................................................................................................................... |
Icon Hash: | 2d2e3797b32b2b99 |
Entrypoint: | 0x40a5f8 |
Entrypoint Section: | CODE |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI |
DLL Characteristics: | TERMINAL_SERVER_AWARE |
Time Stamp: | 0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 1 |
OS Version Minor: | 0 |
File Version Major: | 1 |
File Version Minor: | 0 |
Subsystem Version Major: | 1 |
Subsystem Version Minor: | 0 |
Import Hash: | 884310b1928934402ea6fec1dbd3cf5e |
Instruction |
---|
push ebp |
mov ebp, esp |
add esp, FFFFFFC4h |
push ebx |
push esi |
push edi |
xor eax, eax |
mov dword ptr [ebp-10h], eax |
mov dword ptr [ebp-24h], eax |
call 00007F8DA9244763h |
call 00007F8DA924596Ah |
call 00007F8DA9245BF9h |
call 00007F8DA9245C9Ch |
call 00007F8DA9247C3Bh |
call 00007F8DA924A5A6h |
call 00007F8DA924A70Dh |
xor eax, eax |
push ebp |
push 0040ACC9h |
push dword ptr fs:[eax] |
mov dword ptr fs:[eax], esp |
xor edx, edx |
push ebp |
push 0040AC92h |
push dword ptr fs:[edx] |
mov dword ptr fs:[edx], esp |
mov eax, dword ptr [0040C014h] |
call 00007F8DA924B1BBh |
call 00007F8DA924ADA6h |
cmp byte ptr [0040B234h], 00000000h |
je 00007F8DA924BC9Eh |
call 00007F8DA924B2B8h |
xor eax, eax |
call 00007F8DA9245459h |
lea edx, dword ptr [ebp-10h] |
xor eax, eax |
call 00007F8DA924824Bh |
mov edx, dword ptr [ebp-10h] |
mov eax, 0040CE2Ch |
call 00007F8DA92447FAh |
push 00000002h |
push 00000000h |
push 00000001h |
mov ecx, dword ptr [0040CE2Ch] |
mov dl, 01h |
mov eax, 0040738Ch |
call 00007F8DA9248ADAh |
mov dword ptr [0040CE30h], eax |
xor edx, edx |
push ebp |
push 0040AC4Ah |
push dword ptr fs:[edx] |
mov dword ptr fs:[edx], esp |
call 00007F8DA924B216h |
mov dword ptr [0040CE38h], eax |
mov eax, dword ptr [0040CE38h] |
cmp dword ptr [eax+0Ch], 00000000h |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xd000 | 0x950 | .idata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x11000 | 0x2c00 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0xf000 | 0x18 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
CODE | 0x1000 | 0x9d30 | 0x9e00 | 04ffdb46e50716ec8cb7db42819802fd | False | 0.6052956882911392 | data | 6.631603395825714 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
DATA | 0xb000 | 0x250 | 0x400 | beee52f18301950f82460d9ffe5aec7e | False | 0.306640625 | data | 2.7547169534996403 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
BSS | 0xc000 | 0xe90 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.idata | 0xd000 | 0x950 | 0xa00 | bb5485bf968b970e5ea81292af2acdba | False | 0.414453125 | data | 4.430733069799036 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.tls | 0xe000 | 0x8 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rdata | 0xf000 | 0x18 | 0x200 | 9ba824905bf9c7922b6fc87a38b74366 | False | 0.052734375 | data | 0.2044881574398449 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ |
.reloc | 0x10000 | 0x8c4 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ |
.rsrc | 0x11000 | 0x2c00 | 0x2c00 | 4b58f4127aa285b3842033ae5fde2008 | False | 0.3340731534090909 | data | 4.593986784749601 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0x11354 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | Dutch | Netherlands | 0.5675675675675675 |
RT_ICON | 0x1147c | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320 | Dutch | Netherlands | 0.4486994219653179 |
RT_ICON | 0x119e4 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | Dutch | Netherlands | 0.4637096774193548 |
RT_ICON | 0x11ccc | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1152 | Dutch | Netherlands | 0.3935018050541516 |
RT_STRING | 0x12574 | 0x2f2 | data | 0.35543766578249336 | ||
RT_STRING | 0x12868 | 0x30c | data | 0.3871794871794872 | ||
RT_STRING | 0x12b74 | 0x2ce | data | 0.42618384401114207 | ||
RT_STRING | 0x12e44 | 0x68 | data | 0.75 | ||
RT_STRING | 0x12eac | 0xb4 | data | 0.6277777777777778 | ||
RT_STRING | 0x12f60 | 0xae | data | 0.5344827586206896 | ||
RT_RCDATA | 0x13010 | 0x2c | data | 1.2045454545454546 | ||
RT_GROUP_ICON | 0x1303c | 0x3e | data | English | United States | 0.8387096774193549 |
RT_VERSION | 0x1307c | 0x4f4 | data | English | United States | 0.28470031545741326 |
RT_MANIFEST | 0x13570 | 0x62c | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.4240506329113924 |
DLL | Import |
---|---|
kernel32.dll | DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, WideCharToMultiByte, TlsSetValue, TlsGetValue, MultiByteToWideChar, GetModuleHandleA, GetLastError, GetCommandLineA, WriteFile, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetSystemTime, GetFileType, ExitProcess, CreateFileA, CloseHandle |
user32.dll | MessageBoxA |
oleaut32.dll | VariantChangeTypeEx, VariantCopyInd, VariantClear, SysStringLen, SysAllocStringLen |
advapi32.dll | RegQueryValueExA, RegOpenKeyExA, RegCloseKey, OpenProcessToken, LookupPrivilegeValueA |
kernel32.dll | WriteFile, VirtualQuery, VirtualProtect, VirtualFree, VirtualAlloc, Sleep, SizeofResource, SetLastError, SetFilePointer, SetErrorMode, SetEndOfFile, RemoveDirectoryA, ReadFile, LockResource, LoadResource, LoadLibraryA, IsDBCSLeadByte, GetWindowsDirectoryA, GetVersionExA, GetUserDefaultLangID, GetSystemInfo, GetSystemDefaultLCID, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetFullPathNameA, GetFileSize, GetFileAttributesA, GetExitCodeProcess, GetEnvironmentVariableA, GetCurrentProcess, GetCommandLineA, GetACP, InterlockedExchange, FormatMessageA, FindResourceA, DeleteFileA, CreateProcessA, CreateFileA, CreateDirectoryA, CloseHandle |
user32.dll | TranslateMessage, SetWindowLongA, PeekMessageA, MsgWaitForMultipleObjects, MessageBoxA, LoadStringA, ExitWindowsEx, DispatchMessageA, DestroyWindow, CreateWindowExA, CallWindowProcA, CharPrevA |
comctl32.dll | InitCommonControls |
advapi32.dll | AdjustTokenPrivileges |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
Dutch | Netherlands | |
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-09-27T23:30:51.433551+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49736 | 185.196.8.214 | 80 | TCP |
2024-09-27T23:30:51.433551+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49736 | 185.196.8.214 | 80 | TCP |
2024-09-27T23:30:58.182310+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49738 | 185.196.8.214 | 80 | TCP |
2024-09-27T23:30:58.182310+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49738 | 185.196.8.214 | 80 | TCP |
2024-09-27T23:31:04.885128+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49739 | 185.196.8.214 | 80 | TCP |
2024-09-27T23:31:04.885128+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49739 | 185.196.8.214 | 80 | TCP |
2024-09-27T23:31:10.685863+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49740 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:10.685863+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49740 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:13.697755+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49740 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:13.697755+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49740 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:14.579307+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49742 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:14.579307+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49742 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:15.504584+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49744 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:15.504584+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49744 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:15.885024+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49744 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:15.885024+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49744 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:16.763416+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49745 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:16.763416+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49745 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:17.670685+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49746 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:17.670685+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49746 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:18.570556+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49747 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:18.570556+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49747 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:19.491503+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49748 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:19.491503+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49748 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:19.889751+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49748 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:19.889751+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49748 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:20.728634+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49749 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:20.728634+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49749 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:21.633021+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49750 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:21.633021+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49750 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:22.545452+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49751 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:22.545452+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49751 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:23.400715+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49752 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:23.400715+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49752 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:24.264093+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49753 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:24.264093+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49753 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:25.164603+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49754 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:25.164603+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49754 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:26.091434+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49755 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:26.091434+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49755 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:26.941817+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49756 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:26.941817+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49756 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:27.781324+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49757 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:27.781324+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49757 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:28.631658+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49758 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:28.631658+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49758 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:29.478363+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49759 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:29.478363+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49759 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:29.853516+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49759 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:29.853516+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49759 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:31.624022+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49760 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:31.624022+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49760 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:32.506702+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49761 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:32.506702+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49761 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:32.883431+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49761 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:32.883431+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49761 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:33.727463+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49762 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:33.727463+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49762 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:34.597846+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49763 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:34.597846+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49763 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:35.519771+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49764 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:35.519771+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49764 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:36.341997+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49765 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:36.341997+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49765 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:37.179408+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49766 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:37.179408+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49766 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:38.054745+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49767 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:38.054745+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49767 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:38.418274+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49767 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:38.418274+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49767 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:39.255678+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49768 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:39.255678+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49768 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:39.619366+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49768 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:39.619366+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49768 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:40.445356+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49769 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:40.445356+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49769 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:41.369534+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49770 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:41.369534+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49770 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:42.213051+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49771 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:42.213051+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49771 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:43.033266+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49772 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:43.033266+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49772 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:43.920621+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49773 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:43.920621+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49773 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:44.749560+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49774 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:44.749560+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49774 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:45.578373+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49775 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:45.578373+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49775 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:46.400881+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49776 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:46.400881+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49776 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:47.250686+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49777 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:47.250686+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49777 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:48.084804+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49778 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:48.084804+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49778 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:48.916872+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49779 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:48.916872+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49779 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:49.931624+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49780 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:49.931624+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49780 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:50.762993+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49781 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:50.762993+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49781 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:51.599294+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49782 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:51.599294+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49782 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:52.536822+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49783 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:52.536822+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49783 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:53.371113+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49784 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:53.371113+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49784 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:54.261607+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49785 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:54.261607+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49785 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:55.212742+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49786 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:55.212742+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49786 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:56.086627+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49787 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:56.086627+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49787 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:56.994568+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49788 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:56.994568+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49788 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:57.827499+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49789 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:57.827499+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49789 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:58.662698+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49790 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:58.662698+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49790 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:59.563816+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49791 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:31:59.563816+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49791 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:32:00.440828+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 49792 | 45.155.250.128 | 80 | TCP |
2024-09-27T23:32:00.440828+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 49792 | 45.155.250.128 | 80 | TCP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 27, 2024 23:30:49.768330097 CEST | 49736 | 80 | 192.168.2.4 | 185.196.8.214 |
Sep 27, 2024 23:30:49.773825884 CEST | 80 | 49736 | 185.196.8.214 | 192.168.2.4 |
Sep 27, 2024 23:30:49.773925066 CEST | 49736 | 80 | 192.168.2.4 | 185.196.8.214 |
Sep 27, 2024 23:30:49.774033070 CEST | 49736 | 80 | 192.168.2.4 | 185.196.8.214 |
Sep 27, 2024 23:30:49.779124975 CEST | 80 | 49736 | 185.196.8.214 | 192.168.2.4 |
Sep 27, 2024 23:30:51.432152033 CEST | 80 | 49736 | 185.196.8.214 | 192.168.2.4 |
Sep 27, 2024 23:30:51.433551073 CEST | 49736 | 80 | 192.168.2.4 | 185.196.8.214 |
Sep 27, 2024 23:30:51.433634996 CEST | 49736 | 80 | 192.168.2.4 | 185.196.8.214 |
Sep 27, 2024 23:30:51.438452005 CEST | 80 | 49736 | 185.196.8.214 | 192.168.2.4 |
Sep 27, 2024 23:30:56.513494015 CEST | 49738 | 80 | 192.168.2.4 | 185.196.8.214 |
Sep 27, 2024 23:30:56.518383026 CEST | 80 | 49738 | 185.196.8.214 | 192.168.2.4 |
Sep 27, 2024 23:30:56.518476963 CEST | 49738 | 80 | 192.168.2.4 | 185.196.8.214 |
Sep 27, 2024 23:30:56.537889004 CEST | 49738 | 80 | 192.168.2.4 | 185.196.8.214 |
Sep 27, 2024 23:30:56.542768002 CEST | 80 | 49738 | 185.196.8.214 | 192.168.2.4 |
Sep 27, 2024 23:30:58.182218075 CEST | 80 | 49738 | 185.196.8.214 | 192.168.2.4 |
Sep 27, 2024 23:30:58.182310104 CEST | 49738 | 80 | 192.168.2.4 | 185.196.8.214 |
Sep 27, 2024 23:30:58.182384014 CEST | 49738 | 80 | 192.168.2.4 | 185.196.8.214 |
Sep 27, 2024 23:30:58.187807083 CEST | 80 | 49738 | 185.196.8.214 | 192.168.2.4 |
Sep 27, 2024 23:31:03.194910049 CEST | 49739 | 80 | 192.168.2.4 | 185.196.8.214 |
Sep 27, 2024 23:31:03.200381994 CEST | 80 | 49739 | 185.196.8.214 | 192.168.2.4 |
Sep 27, 2024 23:31:03.200488091 CEST | 49739 | 80 | 192.168.2.4 | 185.196.8.214 |
Sep 27, 2024 23:31:03.200592041 CEST | 49739 | 80 | 192.168.2.4 | 185.196.8.214 |
Sep 27, 2024 23:31:03.205430031 CEST | 80 | 49739 | 185.196.8.214 | 192.168.2.4 |
Sep 27, 2024 23:31:04.884990931 CEST | 80 | 49739 | 185.196.8.214 | 192.168.2.4 |
Sep 27, 2024 23:31:04.885128021 CEST | 49739 | 80 | 192.168.2.4 | 185.196.8.214 |
Sep 27, 2024 23:31:04.885214090 CEST | 49739 | 80 | 192.168.2.4 | 185.196.8.214 |
Sep 27, 2024 23:31:04.890142918 CEST | 80 | 49739 | 185.196.8.214 | 192.168.2.4 |
Sep 27, 2024 23:31:09.967549086 CEST | 49740 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:09.972296000 CEST | 80 | 49740 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:09.972397089 CEST | 49740 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:09.973238945 CEST | 49740 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:09.979060888 CEST | 80 | 49740 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:10.685745955 CEST | 80 | 49740 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:10.685863018 CEST | 49740 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:10.685933113 CEST | 80 | 49740 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:10.685944080 CEST | 80 | 49740 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:10.685981035 CEST | 49740 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:10.685992956 CEST | 49740 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:10.773195028 CEST | 80 | 49740 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:10.773401976 CEST | 49740 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:10.777910948 CEST | 49741 | 2023 | 192.168.2.4 | 195.154.173.35 |
Sep 27, 2024 23:31:10.782938957 CEST | 2023 | 49741 | 195.154.173.35 | 192.168.2.4 |
Sep 27, 2024 23:31:10.783025026 CEST | 49741 | 2023 | 192.168.2.4 | 195.154.173.35 |
Sep 27, 2024 23:31:10.786489964 CEST | 49741 | 2023 | 192.168.2.4 | 195.154.173.35 |
Sep 27, 2024 23:31:10.792016029 CEST | 2023 | 49741 | 195.154.173.35 | 192.168.2.4 |
Sep 27, 2024 23:31:10.792082071 CEST | 49741 | 2023 | 192.168.2.4 | 195.154.173.35 |
Sep 27, 2024 23:31:10.798140049 CEST | 2023 | 49741 | 195.154.173.35 | 192.168.2.4 |
Sep 27, 2024 23:31:11.389458895 CEST | 2023 | 49741 | 195.154.173.35 | 192.168.2.4 |
Sep 27, 2024 23:31:11.441087961 CEST | 49741 | 2023 | 192.168.2.4 | 195.154.173.35 |
Sep 27, 2024 23:31:13.397778988 CEST | 49740 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:13.402926922 CEST | 80 | 49740 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:13.697696924 CEST | 80 | 49740 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:13.697755098 CEST | 49740 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:13.838458061 CEST | 49740 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:13.838753939 CEST | 49742 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:13.843848944 CEST | 80 | 49742 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:13.843926907 CEST | 49742 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:13.845736980 CEST | 49742 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:13.845977068 CEST | 80 | 49740 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:13.846024036 CEST | 49740 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:13.850641966 CEST | 80 | 49742 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:14.579243898 CEST | 80 | 49742 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:14.579252958 CEST | 80 | 49742 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:14.579307079 CEST | 49742 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:14.580380917 CEST | 49743 | 2023 | 192.168.2.4 | 195.154.173.35 |
Sep 27, 2024 23:31:14.593987942 CEST | 2023 | 49743 | 195.154.173.35 | 192.168.2.4 |
Sep 27, 2024 23:31:14.594094992 CEST | 49743 | 2023 | 192.168.2.4 | 195.154.173.35 |
Sep 27, 2024 23:31:14.594161987 CEST | 49743 | 2023 | 192.168.2.4 | 195.154.173.35 |
Sep 27, 2024 23:31:14.594213009 CEST | 49743 | 2023 | 192.168.2.4 | 195.154.173.35 |
Sep 27, 2024 23:31:14.616977930 CEST | 2023 | 49743 | 195.154.173.35 | 192.168.2.4 |
Sep 27, 2024 23:31:14.617449999 CEST | 2023 | 49743 | 195.154.173.35 | 192.168.2.4 |
Sep 27, 2024 23:31:14.718564987 CEST | 49742 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:14.719310999 CEST | 49744 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:14.724767923 CEST | 80 | 49744 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:14.724895954 CEST | 49744 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:14.725250959 CEST | 49744 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:14.731170893 CEST | 80 | 49744 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:14.760924101 CEST | 80 | 49742 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:14.761125088 CEST | 49742 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:15.057518005 CEST | 2023 | 49743 | 195.154.173.35 | 192.168.2.4 |
Sep 27, 2024 23:31:15.057765961 CEST | 49743 | 2023 | 192.168.2.4 | 195.154.173.35 |
Sep 27, 2024 23:31:15.504517078 CEST | 80 | 49744 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:15.504584074 CEST | 49744 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:15.616485119 CEST | 49744 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:15.636544943 CEST | 80 | 49744 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:15.884943008 CEST | 80 | 49744 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:15.885024071 CEST | 49744 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:16.007261992 CEST | 49744 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:16.007466078 CEST | 49745 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:16.012408972 CEST | 80 | 49744 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:16.012492895 CEST | 49744 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:16.012705088 CEST | 80 | 49745 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:16.012779951 CEST | 49745 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:16.012973070 CEST | 49745 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:16.017920971 CEST | 80 | 49745 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:16.763235092 CEST | 80 | 49745 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:16.763416052 CEST | 49745 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:16.897932053 CEST | 49745 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:16.898258924 CEST | 49746 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:16.902987003 CEST | 80 | 49745 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:16.903059006 CEST | 49745 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:16.903378963 CEST | 80 | 49746 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:16.903446913 CEST | 49746 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:16.903608084 CEST | 49746 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:16.908627033 CEST | 80 | 49746 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:17.670480967 CEST | 80 | 49746 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:17.670685053 CEST | 49746 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:17.790141106 CEST | 49746 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:17.790517092 CEST | 49747 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:17.804996014 CEST | 80 | 49747 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:17.805128098 CEST | 49747 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:17.805356026 CEST | 49747 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:17.806641102 CEST | 80 | 49746 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:17.806694984 CEST | 49746 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:17.810583115 CEST | 80 | 49747 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:18.566340923 CEST | 80 | 49747 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:18.570555925 CEST | 49747 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:18.694696903 CEST | 49747 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:18.694993973 CEST | 49748 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:18.739861012 CEST | 80 | 49748 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:18.741446018 CEST | 49748 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:18.741559982 CEST | 49748 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:18.743478060 CEST | 80 | 49747 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:18.744561911 CEST | 49747 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:18.763487101 CEST | 80 | 49748 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:19.491429090 CEST | 80 | 49748 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:19.491503000 CEST | 49748 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:19.600804090 CEST | 49748 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:19.636728048 CEST | 80 | 49748 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:19.889611006 CEST | 80 | 49748 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:19.889750957 CEST | 49748 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:20.006856918 CEST | 49748 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:20.007138968 CEST | 49749 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:20.012033939 CEST | 80 | 49748 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:20.012370110 CEST | 80 | 49749 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:20.012444019 CEST | 49748 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:20.012475014 CEST | 49749 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:20.012634039 CEST | 49749 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:20.017955065 CEST | 80 | 49749 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:20.728543043 CEST | 80 | 49749 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:20.728634119 CEST | 49749 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:20.850733042 CEST | 49749 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:20.851013899 CEST | 49750 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:20.867149115 CEST | 80 | 49750 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:20.867295980 CEST | 49750 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:20.867424965 CEST | 49750 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:20.868561983 CEST | 80 | 49749 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:20.868609905 CEST | 49749 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:20.880362988 CEST | 80 | 49750 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:21.632940054 CEST | 80 | 49750 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:21.633021116 CEST | 49750 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:21.787367105 CEST | 49750 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:21.787777901 CEST | 49751 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:21.792716026 CEST | 80 | 49750 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:21.792788029 CEST | 49750 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:21.793045998 CEST | 80 | 49751 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:21.793231964 CEST | 49751 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:21.793391943 CEST | 49751 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:21.798451900 CEST | 80 | 49751 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:22.545339108 CEST | 80 | 49751 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:22.545452118 CEST | 49751 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:22.663103104 CEST | 49751 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:22.663429022 CEST | 49752 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:22.668462992 CEST | 80 | 49751 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:22.668533087 CEST | 49751 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:22.668678045 CEST | 80 | 49752 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:22.668775082 CEST | 49752 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:22.668943882 CEST | 49752 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:22.674216986 CEST | 80 | 49752 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:23.400635004 CEST | 80 | 49752 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:23.400715113 CEST | 49752 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:23.522571087 CEST | 49752 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:23.522828102 CEST | 49753 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:23.528598070 CEST | 80 | 49752 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:23.528773069 CEST | 80 | 49753 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:23.528783083 CEST | 49752 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:23.528845072 CEST | 49753 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:23.529007912 CEST | 49753 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:23.535537958 CEST | 80 | 49753 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:24.264014006 CEST | 80 | 49753 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:24.264092922 CEST | 49753 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:24.381897926 CEST | 49753 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:24.382195950 CEST | 49754 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:24.387499094 CEST | 80 | 49754 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:24.387589931 CEST | 49754 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:24.387687922 CEST | 49754 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:24.387758970 CEST | 80 | 49753 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:24.387809992 CEST | 49753 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:24.392482042 CEST | 80 | 49754 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:25.164530039 CEST | 80 | 49754 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:25.164602995 CEST | 49754 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:25.364912033 CEST | 49754 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:25.365216017 CEST | 49755 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:25.370954990 CEST | 80 | 49754 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:25.371031046 CEST | 49754 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:25.371239901 CEST | 80 | 49755 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:25.371309042 CEST | 49755 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:25.371404886 CEST | 49755 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:25.377422094 CEST | 80 | 49755 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:26.091356039 CEST | 80 | 49755 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:26.091434002 CEST | 49755 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:26.209985971 CEST | 49755 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:26.210282087 CEST | 49756 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:26.215210915 CEST | 80 | 49755 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:26.215223074 CEST | 80 | 49756 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:26.215270042 CEST | 49755 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:26.215301037 CEST | 49756 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:26.215436935 CEST | 49756 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:26.220237970 CEST | 80 | 49756 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:26.941695929 CEST | 80 | 49756 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:26.941817045 CEST | 49756 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:27.069562912 CEST | 49756 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:27.069904089 CEST | 49757 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:27.076116085 CEST | 80 | 49757 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:27.076184988 CEST | 49757 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:27.076319933 CEST | 49757 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:27.077445030 CEST | 80 | 49756 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:27.077488899 CEST | 49756 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:27.081253052 CEST | 80 | 49757 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:27.781090021 CEST | 80 | 49757 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:27.781323910 CEST | 49757 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:27.897959948 CEST | 49757 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:27.898253918 CEST | 49758 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:27.903109074 CEST | 80 | 49758 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:27.903208017 CEST | 49758 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:27.903376102 CEST | 49758 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:27.903697968 CEST | 80 | 49757 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:27.903767109 CEST | 49757 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:27.908159971 CEST | 80 | 49758 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:28.631567955 CEST | 80 | 49758 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:28.631658077 CEST | 49758 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:28.757370949 CEST | 49758 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:28.757652998 CEST | 49759 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:28.762389898 CEST | 80 | 49758 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:28.762455940 CEST | 49758 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:28.762517929 CEST | 80 | 49759 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:28.762583017 CEST | 49759 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:28.762728930 CEST | 49759 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:28.767496109 CEST | 80 | 49759 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:29.478250980 CEST | 80 | 49759 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:29.478363037 CEST | 49759 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:29.592431068 CEST | 49759 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:29.597378969 CEST | 80 | 49759 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:29.853432894 CEST | 80 | 49759 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:29.853516102 CEST | 49759 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:29.977757931 CEST | 49759 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:29.978141069 CEST | 49760 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:30.284755945 CEST | 49759 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:30.894112110 CEST | 49759 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:30.925872087 CEST | 80 | 49760 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:30.925961971 CEST | 49760 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:30.926017046 CEST | 80 | 49759 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:30.926142931 CEST | 80 | 49759 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:30.926161051 CEST | 49760 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:30.926367998 CEST | 80 | 49759 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:30.926424026 CEST | 49759 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:30.930922985 CEST | 80 | 49760 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:31.623944044 CEST | 80 | 49760 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:31.624022007 CEST | 49760 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:31.793232918 CEST | 49760 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:31.793566942 CEST | 49761 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:31.798398018 CEST | 80 | 49760 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:31.798461914 CEST | 80 | 49761 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:31.798466921 CEST | 49760 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:31.798537016 CEST | 49761 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:31.798731089 CEST | 49761 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:31.803540945 CEST | 80 | 49761 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:32.506511927 CEST | 80 | 49761 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:32.506701946 CEST | 49761 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:32.621460915 CEST | 49761 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:32.626535892 CEST | 80 | 49761 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:32.883306026 CEST | 80 | 49761 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:32.883430958 CEST | 49761 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:33.007838011 CEST | 49761 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:33.008239031 CEST | 49762 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:33.013062000 CEST | 80 | 49761 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:33.013138056 CEST | 49761 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:33.013484955 CEST | 80 | 49762 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:33.013575077 CEST | 49762 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:33.013679981 CEST | 49762 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:33.018681049 CEST | 80 | 49762 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:33.727355003 CEST | 80 | 49762 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:33.727463007 CEST | 49762 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:33.856110096 CEST | 49762 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:33.856832027 CEST | 49763 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:33.861192942 CEST | 80 | 49762 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:33.861268044 CEST | 49762 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:33.861722946 CEST | 80 | 49763 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:33.861824989 CEST | 49763 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:33.862035036 CEST | 49763 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:33.866888046 CEST | 80 | 49763 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:34.597707987 CEST | 80 | 49763 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:34.597846031 CEST | 49763 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:34.795098066 CEST | 49763 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:34.795419931 CEST | 49764 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:34.801455021 CEST | 80 | 49764 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:34.801558971 CEST | 49764 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:34.801655054 CEST | 49764 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:34.801662922 CEST | 80 | 49763 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:34.801744938 CEST | 49763 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:34.807010889 CEST | 80 | 49764 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:35.519665956 CEST | 80 | 49764 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:35.519771099 CEST | 49764 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:35.634002924 CEST | 49764 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:35.634421110 CEST | 49765 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:35.639120102 CEST | 80 | 49764 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:35.639230013 CEST | 49764 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:35.639729023 CEST | 80 | 49765 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:35.639796019 CEST | 49765 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:35.639951944 CEST | 49765 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:35.644931078 CEST | 80 | 49765 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:36.341764927 CEST | 80 | 49765 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:36.341996908 CEST | 49765 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:36.468081951 CEST | 49765 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:36.468815088 CEST | 49766 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:36.473329067 CEST | 80 | 49765 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:36.473396063 CEST | 49765 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:36.473615885 CEST | 80 | 49766 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:36.473699093 CEST | 49766 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:36.473896980 CEST | 49766 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:36.478940964 CEST | 80 | 49766 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:37.179297924 CEST | 80 | 49766 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:37.179408073 CEST | 49766 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:37.342768908 CEST | 49766 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:37.347408056 CEST | 49767 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:37.348001957 CEST | 80 | 49766 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:37.348090887 CEST | 49766 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:37.352231979 CEST | 80 | 49767 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:37.352339029 CEST | 49767 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:37.352685928 CEST | 49767 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:37.357635021 CEST | 80 | 49767 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:38.054491997 CEST | 80 | 49767 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:38.054744959 CEST | 49767 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:38.163311958 CEST | 49767 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:38.168178082 CEST | 80 | 49767 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:38.418113947 CEST | 80 | 49767 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:38.418273926 CEST | 49767 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:38.539833069 CEST | 49767 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:38.540255070 CEST | 49768 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:38.544899940 CEST | 80 | 49767 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:38.545053959 CEST | 49767 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:38.545285940 CEST | 80 | 49768 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:38.545383930 CEST | 49768 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:38.545594931 CEST | 49768 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:38.550461054 CEST | 80 | 49768 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:39.255572081 CEST | 80 | 49768 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:39.255677938 CEST | 49768 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:39.371234894 CEST | 49768 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:39.376106977 CEST | 80 | 49768 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:39.619251013 CEST | 80 | 49768 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:39.619365931 CEST | 49768 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:39.742113113 CEST | 49768 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:39.742561102 CEST | 49769 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:39.747502089 CEST | 80 | 49768 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:39.747597933 CEST | 49768 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:39.747689009 CEST | 80 | 49769 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:39.747764111 CEST | 49769 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:39.747899055 CEST | 49769 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:39.753011942 CEST | 80 | 49769 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:40.445254087 CEST | 80 | 49769 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:40.445355892 CEST | 49769 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:40.662523985 CEST | 49769 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:40.662812948 CEST | 49770 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:40.667912960 CEST | 80 | 49770 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:40.667943954 CEST | 80 | 49769 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:40.667975903 CEST | 49770 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:40.667999983 CEST | 49769 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:40.669487000 CEST | 49770 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:40.674314022 CEST | 80 | 49770 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:41.369467974 CEST | 80 | 49770 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:41.369534016 CEST | 49770 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:41.491219997 CEST | 49770 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:41.491552114 CEST | 49771 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:41.496331930 CEST | 80 | 49770 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:41.496393919 CEST | 49770 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:41.496640921 CEST | 80 | 49771 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:41.496722937 CEST | 49771 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:41.496869087 CEST | 49771 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:41.501981020 CEST | 80 | 49771 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:42.212929964 CEST | 80 | 49771 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:42.213051081 CEST | 49771 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:42.335558891 CEST | 49771 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:42.335855007 CEST | 49772 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:42.340846062 CEST | 80 | 49771 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:42.340859890 CEST | 80 | 49772 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:42.340908051 CEST | 49771 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:42.340935946 CEST | 49772 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:42.341106892 CEST | 49772 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:42.345843077 CEST | 80 | 49772 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:43.033169031 CEST | 80 | 49772 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:43.033266068 CEST | 49772 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:43.205334902 CEST | 49772 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:43.209271908 CEST | 49773 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:43.210618019 CEST | 80 | 49772 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:43.210685015 CEST | 49772 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:43.214042902 CEST | 80 | 49773 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:43.214112043 CEST | 49773 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:43.226192951 CEST | 49773 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:43.231085062 CEST | 80 | 49773 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:43.920540094 CEST | 80 | 49773 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:43.920620918 CEST | 49773 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:44.038227081 CEST | 49773 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:44.038541079 CEST | 49774 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:44.044235945 CEST | 80 | 49773 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:44.044317007 CEST | 49773 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:44.044373989 CEST | 80 | 49774 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:44.044435024 CEST | 49774 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:44.044529915 CEST | 49774 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:44.050482988 CEST | 80 | 49774 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:44.749358892 CEST | 80 | 49774 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:44.749560118 CEST | 49774 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:44.866350889 CEST | 49774 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:44.866677046 CEST | 49775 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:44.871800900 CEST | 80 | 49775 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:44.871908903 CEST | 49775 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:44.872136116 CEST | 49775 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:44.874015093 CEST | 80 | 49774 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:44.874077082 CEST | 49774 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:44.877063990 CEST | 80 | 49775 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:45.578264952 CEST | 80 | 49775 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:45.578372955 CEST | 49775 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:45.695849895 CEST | 49775 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:45.696086884 CEST | 49776 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:45.701008081 CEST | 80 | 49775 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:45.701070070 CEST | 80 | 49776 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:45.701076984 CEST | 49775 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:45.701179981 CEST | 49776 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:45.701335907 CEST | 49776 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:45.706250906 CEST | 80 | 49776 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:46.400785923 CEST | 80 | 49776 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:46.400881052 CEST | 49776 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:46.522711039 CEST | 49776 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:46.522903919 CEST | 49777 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:46.527946949 CEST | 80 | 49776 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:46.527975082 CEST | 80 | 49777 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:46.528028965 CEST | 49776 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:46.528084040 CEST | 49777 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:46.528207064 CEST | 49777 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:46.532988071 CEST | 80 | 49777 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:47.250514984 CEST | 80 | 49777 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:47.250685930 CEST | 49777 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:47.366347075 CEST | 49777 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:47.366749048 CEST | 49778 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:47.371706963 CEST | 80 | 49777 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:47.371958017 CEST | 80 | 49778 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:47.372036934 CEST | 49777 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:47.372137070 CEST | 49778 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:47.372265100 CEST | 49778 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:47.377182961 CEST | 80 | 49778 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:48.084738016 CEST | 80 | 49778 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:48.084804058 CEST | 49778 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:48.194792032 CEST | 49778 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:48.195123911 CEST | 49779 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:48.200012922 CEST | 80 | 49778 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:48.200037956 CEST | 80 | 49779 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:48.200083017 CEST | 49778 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:48.200143099 CEST | 49779 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:48.200314045 CEST | 49779 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:48.205234051 CEST | 80 | 49779 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:48.916795015 CEST | 80 | 49779 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:48.916872025 CEST | 49779 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:49.194865942 CEST | 49779 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:49.195247889 CEST | 49780 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:49.200366020 CEST | 80 | 49779 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:49.200373888 CEST | 80 | 49780 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:49.200434923 CEST | 49779 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:49.200484037 CEST | 49780 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:49.200798988 CEST | 49780 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:49.206358910 CEST | 80 | 49780 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:49.931500912 CEST | 80 | 49780 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:49.931623936 CEST | 49780 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:50.053611040 CEST | 49780 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:50.053999901 CEST | 49781 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:50.059875011 CEST | 80 | 49780 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:50.059968948 CEST | 49780 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:50.060266972 CEST | 80 | 49781 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:50.060338974 CEST | 49781 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:50.060486078 CEST | 49781 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:50.065454960 CEST | 80 | 49781 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:50.762917995 CEST | 80 | 49781 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:50.762993097 CEST | 49781 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:50.890130997 CEST | 49781 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:50.890526056 CEST | 49782 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:50.895190001 CEST | 80 | 49781 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:50.895250082 CEST | 49781 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:50.895287037 CEST | 80 | 49782 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:50.895349026 CEST | 49782 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:50.895452976 CEST | 49782 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:50.900311947 CEST | 80 | 49782 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:51.599097967 CEST | 80 | 49782 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:51.599293947 CEST | 49782 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:51.823668003 CEST | 49782 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:51.823966026 CEST | 49783 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:51.828777075 CEST | 80 | 49782 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:51.828838110 CEST | 49782 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:51.829092979 CEST | 80 | 49783 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:51.829175949 CEST | 49783 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:51.831259012 CEST | 49783 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:51.836122036 CEST | 80 | 49783 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:52.536751032 CEST | 80 | 49783 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:52.536822081 CEST | 49783 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:52.647969961 CEST | 49783 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:52.648382902 CEST | 49784 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:52.653117895 CEST | 80 | 49783 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:52.653225899 CEST | 80 | 49784 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:52.653225899 CEST | 49783 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:52.653304100 CEST | 49784 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:52.653439999 CEST | 49784 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:52.658210039 CEST | 80 | 49784 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:53.371033907 CEST | 80 | 49784 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:53.371113062 CEST | 49784 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:53.493422985 CEST | 49784 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:53.493710041 CEST | 49785 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:53.498819113 CEST | 80 | 49785 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:53.498832941 CEST | 80 | 49784 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:53.498907089 CEST | 49784 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:53.498919964 CEST | 49785 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:53.499073982 CEST | 49785 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:53.504427910 CEST | 80 | 49785 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:54.261552095 CEST | 80 | 49785 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:54.261606932 CEST | 49785 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:54.416112900 CEST | 49785 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:54.416434050 CEST | 49786 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:54.432658911 CEST | 80 | 49785 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:54.432662010 CEST | 80 | 49786 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:54.432743073 CEST | 49785 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:54.432775974 CEST | 49786 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:54.434941053 CEST | 49786 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:54.440368891 CEST | 80 | 49786 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:55.211530924 CEST | 80 | 49786 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:55.212742090 CEST | 49786 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:55.337934017 CEST | 49786 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:55.338258028 CEST | 49787 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:55.345918894 CEST | 80 | 49787 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:55.345992088 CEST | 49787 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:55.346120119 CEST | 49787 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:55.347189903 CEST | 80 | 49786 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:55.347248077 CEST | 49786 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:55.351200104 CEST | 80 | 49787 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:56.086482048 CEST | 80 | 49787 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:56.086627007 CEST | 49787 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:56.211658001 CEST | 49787 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:56.212040901 CEST | 49788 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:56.217199087 CEST | 80 | 49788 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:56.217439890 CEST | 49788 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:56.217586994 CEST | 49788 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:56.217667103 CEST | 80 | 49787 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:56.217891932 CEST | 49787 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:56.222558022 CEST | 80 | 49788 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:56.994458914 CEST | 80 | 49788 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:56.994568110 CEST | 49788 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:57.119112968 CEST | 49788 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:57.119545937 CEST | 49789 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:57.124316931 CEST | 80 | 49788 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:57.124371052 CEST | 49788 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:57.124661922 CEST | 80 | 49789 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:57.124733925 CEST | 49789 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:57.124916077 CEST | 49789 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:57.129926920 CEST | 80 | 49789 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:57.827439070 CEST | 80 | 49789 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:57.827498913 CEST | 49789 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:57.952234983 CEST | 49789 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:57.952850103 CEST | 49790 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:57.957530022 CEST | 80 | 49789 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:57.957592964 CEST | 49789 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:57.958019972 CEST | 80 | 49790 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:57.958120108 CEST | 49790 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:57.980616093 CEST | 49790 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:57.985591888 CEST | 80 | 49790 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:58.659138918 CEST | 80 | 49790 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:58.662698030 CEST | 49790 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:58.789618969 CEST | 49790 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:58.790266991 CEST | 49791 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:58.794775963 CEST | 80 | 49790 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:58.794898987 CEST | 49790 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:58.795056105 CEST | 80 | 49791 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:58.795252085 CEST | 49791 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:58.795252085 CEST | 49791 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:58.800209999 CEST | 80 | 49791 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:59.563734055 CEST | 80 | 49791 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:59.563816071 CEST | 49791 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:59.681088924 CEST | 49791 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:59.681400061 CEST | 49792 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:59.689337015 CEST | 80 | 49792 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:59.689434052 CEST | 49792 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:59.689603090 CEST | 49792 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:59.690277100 CEST | 80 | 49791 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:31:59.690330982 CEST | 49791 | 80 | 192.168.2.4 | 45.155.250.128 |
Sep 27, 2024 23:31:59.694811106 CEST | 80 | 49792 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:32:00.439975977 CEST | 80 | 49792 | 45.155.250.128 | 192.168.2.4 |
Sep 27, 2024 23:32:00.440828085 CEST | 49792 | 80 | 192.168.2.4 | 45.155.250.128 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 27, 2024 23:30:49.651810884 CEST | 55038 | 53 | 192.168.2.4 | 152.89.198.214 |
Sep 27, 2024 23:30:49.720448017 CEST | 53 | 55038 | 152.89.198.214 | 192.168.2.4 |
Sep 27, 2024 23:31:09.898042917 CEST | 57148 | 53 | 192.168.2.4 | 152.89.198.214 |
Sep 27, 2024 23:31:09.965086937 CEST | 53 | 57148 | 152.89.198.214 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Sep 27, 2024 23:30:49.651810884 CEST | 192.168.2.4 | 152.89.198.214 | 0x2004 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Sep 27, 2024 23:31:09.898042917 CEST | 192.168.2.4 | 152.89.198.214 | 0xc048 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Sep 27, 2024 23:30:49.720448017 CEST | 152.89.198.214 | 192.168.2.4 | 0x2004 | No error (0) | 185.196.8.214 | A (IP address) | IN (0x0001) | false | ||
Sep 27, 2024 23:31:09.965086937 CEST | 152.89.198.214 | 192.168.2.4 | 0xc048 | No error (0) | 45.155.250.128 | A (IP address) | IN (0x0001) | false |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49736 | 185.196.8.214 | 80 | 772 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se32_64.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 23:30:49.774033070 CEST | 318 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49738 | 185.196.8.214 | 80 | 772 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se32_64.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 23:30:56.537889004 CEST | 318 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.4 | 49739 | 185.196.8.214 | 80 | 772 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se32_64.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 23:31:03.200592041 CEST | 318 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.4 | 49740 | 45.155.250.128 | 80 | 772 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se32_64.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 23:31:09.973238945 CEST | 318 | OUT | |
Sep 27, 2024 23:31:10.685745955 CEST | 1236 | IN | |
Sep 27, 2024 23:31:10.685933113 CEST | 224 | IN | |
Sep 27, 2024 23:31:10.685944080 CEST | 1 | IN | |
Sep 27, 2024 23:31:10.773195028 CEST | 5 | IN | |
Sep 27, 2024 23:31:13.397778988 CEST | 326 | OUT | |
Sep 27, 2024 23:31:13.697696924 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.4 | 49742 | 45.155.250.128 | 80 | 772 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se32_64.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 23:31:13.845736980 CEST | 326 | OUT | |
Sep 27, 2024 23:31:14.579243898 CEST | 1236 | IN | |
Sep 27, 2024 23:31:14.579252958 CEST | 86 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.4 | 49744 | 45.155.250.128 | 80 | 772 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se32_64.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 23:31:14.725250959 CEST | 326 | OUT | |
Sep 27, 2024 23:31:15.504517078 CEST | 220 | IN | |
Sep 27, 2024 23:31:15.616485119 CEST | 326 | OUT | |
Sep 27, 2024 23:31:15.884943008 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.4 | 49745 | 45.155.250.128 | 80 | 772 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se32_64.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 23:31:16.012973070 CEST | 326 | OUT | |
Sep 27, 2024 23:31:16.763235092 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.4 | 49746 | 45.155.250.128 | 80 | 772 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se32_64.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 23:31:16.903608084 CEST | 326 | OUT | |
Sep 27, 2024 23:31:17.670480967 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.4 | 49747 | 45.155.250.128 | 80 | 772 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se32_64.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 23:31:17.805356026 CEST | 326 | OUT | |
Sep 27, 2024 23:31:18.566340923 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
9 | 192.168.2.4 | 49748 | 45.155.250.128 | 80 | 772 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se32_64.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 23:31:18.741559982 CEST | 326 | OUT | |
Sep 27, 2024 23:31:19.491429090 CEST | 220 | IN | |
Sep 27, 2024 23:31:19.600804090 CEST | 326 | OUT | |
Sep 27, 2024 23:31:19.889611006 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
10 | 192.168.2.4 | 49749 | 45.155.250.128 | 80 | 772 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se32_64.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 23:31:20.012634039 CEST | 326 | OUT | |
Sep 27, 2024 23:31:20.728543043 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
11 | 192.168.2.4 | 49750 | 45.155.250.128 | 80 | 772 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se32_64.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 23:31:20.867424965 CEST | 326 | OUT | |
Sep 27, 2024 23:31:21.632940054 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
12 | 192.168.2.4 | 49751 | 45.155.250.128 | 80 | 772 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se32_64.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 23:31:21.793391943 CEST | 326 | OUT | |
Sep 27, 2024 23:31:22.545339108 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
13 | 192.168.2.4 | 49752 | 45.155.250.128 | 80 | 772 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se32_64.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 23:31:22.668943882 CEST | 326 | OUT | |
Sep 27, 2024 23:31:23.400635004 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
14 | 192.168.2.4 | 49753 | 45.155.250.128 | 80 | 772 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se32_64.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 23:31:23.529007912 CEST | 326 | OUT | |
Sep 27, 2024 23:31:24.264014006 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
15 | 192.168.2.4 | 49754 | 45.155.250.128 | 80 | 772 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se32_64.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 23:31:24.387687922 CEST | 326 | OUT | |
Sep 27, 2024 23:31:25.164530039 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
16 | 192.168.2.4 | 49755 | 45.155.250.128 | 80 | 772 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se32_64.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 23:31:25.371404886 CEST | 326 | OUT | |
Sep 27, 2024 23:31:26.091356039 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
17 | 192.168.2.4 | 49756 | 45.155.250.128 | 80 | 772 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se32_64.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 23:31:26.215436935 CEST | 326 | OUT | |
Sep 27, 2024 23:31:26.941695929 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
18 | 192.168.2.4 | 49757 | 45.155.250.128 | 80 | 772 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se32_64.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 23:31:27.076319933 CEST | 326 | OUT | |
Sep 27, 2024 23:31:27.781090021 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
19 | 192.168.2.4 | 49758 | 45.155.250.128 | 80 | 772 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se32_64.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 23:31:27.903376102 CEST | 326 | OUT | |
Sep 27, 2024 23:31:28.631567955 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
20 | 192.168.2.4 | 49759 | 45.155.250.128 | 80 | 772 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se32_64.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 23:31:28.762728930 CEST | 326 | OUT | |
Sep 27, 2024 23:31:29.478250980 CEST | 220 | IN | |
Sep 27, 2024 23:31:29.592431068 CEST | 326 | OUT | |
Sep 27, 2024 23:31:29.853432894 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
21 | 192.168.2.4 | 49760 | 45.155.250.128 | 80 | 772 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se32_64.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 23:31:30.926161051 CEST | 326 | OUT | |
Sep 27, 2024 23:31:31.623944044 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
22 | 192.168.2.4 | 49761 | 45.155.250.128 | 80 | 772 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se32_64.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 23:31:31.798731089 CEST | 326 | OUT | |
Sep 27, 2024 23:31:32.506511927 CEST | 220 | IN | |
Sep 27, 2024 23:31:32.621460915 CEST | 326 | OUT | |
Sep 27, 2024 23:31:32.883306026 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
23 | 192.168.2.4 | 49762 | 45.155.250.128 | 80 | 772 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se32_64.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 23:31:33.013679981 CEST | 326 | OUT | |
Sep 27, 2024 23:31:33.727355003 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
24 | 192.168.2.4 | 49763 | 45.155.250.128 | 80 | 772 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se32_64.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 23:31:33.862035036 CEST | 326 | OUT | |
Sep 27, 2024 23:31:34.597707987 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
25 | 192.168.2.4 | 49764 | 45.155.250.128 | 80 | 772 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se32_64.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 23:31:34.801655054 CEST | 326 | OUT | |
Sep 27, 2024 23:31:35.519665956 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
26 | 192.168.2.4 | 49765 | 45.155.250.128 | 80 | 772 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se32_64.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 23:31:35.639951944 CEST | 326 | OUT | |
Sep 27, 2024 23:31:36.341764927 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
27 | 192.168.2.4 | 49766 | 45.155.250.128 | 80 | 772 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se32_64.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 23:31:36.473896980 CEST | 326 | OUT | |
Sep 27, 2024 23:31:37.179297924 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
28 | 192.168.2.4 | 49767 | 45.155.250.128 | 80 | 772 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se32_64.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 23:31:37.352685928 CEST | 326 | OUT | |
Sep 27, 2024 23:31:38.054491997 CEST | 220 | IN | |
Sep 27, 2024 23:31:38.163311958 CEST | 326 | OUT | |
Sep 27, 2024 23:31:38.418113947 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
29 | 192.168.2.4 | 49768 | 45.155.250.128 | 80 | 772 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se32_64.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 23:31:38.545594931 CEST | 326 | OUT | |
Sep 27, 2024 23:31:39.255572081 CEST | 220 | IN | |
Sep 27, 2024 23:31:39.371234894 CEST | 326 | OUT | |
Sep 27, 2024 23:31:39.619251013 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
30 | 192.168.2.4 | 49769 | 45.155.250.128 | 80 | 772 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se32_64.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 23:31:39.747899055 CEST | 326 | OUT | |
Sep 27, 2024 23:31:40.445254087 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
31 | 192.168.2.4 | 49770 | 45.155.250.128 | 80 | 772 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se32_64.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 23:31:40.669487000 CEST | 326 | OUT | |
Sep 27, 2024 23:31:41.369467974 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
32 | 192.168.2.4 | 49771 | 45.155.250.128 | 80 | 772 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se32_64.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 23:31:41.496869087 CEST | 326 | OUT | |
Sep 27, 2024 23:31:42.212929964 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
33 | 192.168.2.4 | 49772 | 45.155.250.128 | 80 | 772 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se32_64.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 23:31:42.341106892 CEST | 326 | OUT | |
Sep 27, 2024 23:31:43.033169031 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
34 | 192.168.2.4 | 49773 | 45.155.250.128 | 80 | 772 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se32_64.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 23:31:43.226192951 CEST | 326 | OUT | |
Sep 27, 2024 23:31:43.920540094 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
35 | 192.168.2.4 | 49774 | 45.155.250.128 | 80 | 772 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se32_64.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 23:31:44.044529915 CEST | 326 | OUT | |
Sep 27, 2024 23:31:44.749358892 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
36 | 192.168.2.4 | 49775 | 45.155.250.128 | 80 | 772 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se32_64.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 23:31:44.872136116 CEST | 326 | OUT | |
Sep 27, 2024 23:31:45.578264952 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
37 | 192.168.2.4 | 49776 | 45.155.250.128 | 80 | 772 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se32_64.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 23:31:45.701335907 CEST | 326 | OUT | |
Sep 27, 2024 23:31:46.400785923 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
38 | 192.168.2.4 | 49777 | 45.155.250.128 | 80 | 772 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se32_64.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 23:31:46.528207064 CEST | 326 | OUT | |
Sep 27, 2024 23:31:47.250514984 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
39 | 192.168.2.4 | 49778 | 45.155.250.128 | 80 | 772 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se32_64.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 23:31:47.372265100 CEST | 326 | OUT | |
Sep 27, 2024 23:31:48.084738016 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
40 | 192.168.2.4 | 49779 | 45.155.250.128 | 80 | 772 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se32_64.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 23:31:48.200314045 CEST | 326 | OUT | |
Sep 27, 2024 23:31:48.916795015 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
41 | 192.168.2.4 | 49780 | 45.155.250.128 | 80 | 772 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se32_64.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 23:31:49.200798988 CEST | 326 | OUT | |
Sep 27, 2024 23:31:49.931500912 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
42 | 192.168.2.4 | 49781 | 45.155.250.128 | 80 | 772 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se32_64.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 23:31:50.060486078 CEST | 326 | OUT | |
Sep 27, 2024 23:31:50.762917995 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
43 | 192.168.2.4 | 49782 | 45.155.250.128 | 80 | 772 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se32_64.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 23:31:50.895452976 CEST | 326 | OUT | |
Sep 27, 2024 23:31:51.599097967 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
44 | 192.168.2.4 | 49783 | 45.155.250.128 | 80 | 772 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se32_64.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 23:31:51.831259012 CEST | 326 | OUT | |
Sep 27, 2024 23:31:52.536751032 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
45 | 192.168.2.4 | 49784 | 45.155.250.128 | 80 | 772 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se32_64.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 23:31:52.653439999 CEST | 326 | OUT | |
Sep 27, 2024 23:31:53.371033907 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
46 | 192.168.2.4 | 49785 | 45.155.250.128 | 80 | 772 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se32_64.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 23:31:53.499073982 CEST | 326 | OUT | |
Sep 27, 2024 23:31:54.261552095 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
47 | 192.168.2.4 | 49786 | 45.155.250.128 | 80 | 772 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se32_64.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 23:31:54.434941053 CEST | 326 | OUT | |
Sep 27, 2024 23:31:55.211530924 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
48 | 192.168.2.4 | 49787 | 45.155.250.128 | 80 | 772 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se32_64.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 23:31:55.346120119 CEST | 326 | OUT | |
Sep 27, 2024 23:31:56.086482048 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
49 | 192.168.2.4 | 49788 | 45.155.250.128 | 80 | 772 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se32_64.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 23:31:56.217586994 CEST | 326 | OUT | |
Sep 27, 2024 23:31:56.994458914 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
50 | 192.168.2.4 | 49789 | 45.155.250.128 | 80 | 772 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se32_64.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 23:31:57.124916077 CEST | 326 | OUT | |
Sep 27, 2024 23:31:57.827439070 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
51 | 192.168.2.4 | 49790 | 45.155.250.128 | 80 | 772 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se32_64.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 23:31:57.980616093 CEST | 326 | OUT | |
Sep 27, 2024 23:31:58.659138918 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
52 | 192.168.2.4 | 49791 | 45.155.250.128 | 80 | 772 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se32_64.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 23:31:58.795252085 CEST | 326 | OUT | |
Sep 27, 2024 23:31:59.563734055 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
53 | 192.168.2.4 | 49792 | 45.155.250.128 | 80 | 772 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se32_64.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 23:31:59.689603090 CEST | 326 | OUT | |
Sep 27, 2024 23:32:00.439975977 CEST | 220 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
Target ID: | 0 |
Start time: | 17:29:54 |
Start date: | 27/09/2024 |
Path: | C:\Users\user\Desktop\SecuriteInfo.com.Gen.Heur.Munp.1.11072.7602.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 3'132'268 bytes |
MD5 hash: | E3BF1BD1BB1678ECA7BC20F0DE65FB4F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 1 |
Start time: | 17:29:55 |
Start date: | 27/09/2024 |
Path: | C:\Users\user\AppData\Local\Temp\is-42905.tmp\SecuriteInfo.com.Gen.Heur.Munp.1.11072.7602.tmp |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 708'608 bytes |
MD5 hash: | ED4730120FE89130C401E2280D614D75 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 2 |
Start time: | 17:29:56 |
Start date: | 27/09/2024 |
Path: | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se32_64.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 2'662'400 bytes |
MD5 hash: | C26B00F4D8662FF6FAF6841BDAED9586 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Antivirus matches: |
|
Reputation: | low |
Has exited: | false |
Execution Graph
Execution Coverage: | 21.3% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 2.4% |
Total number of Nodes: | 1520 |
Total number of Limit Nodes: | 22 |
Graph
Function 00409B78 Relevance: 7.6, APIs: 5, Instructions: 78memoryCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040520C Relevance: 1.5, APIs: 1, Instructions: 29COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040457C Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 27libraryloaderCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00401918 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 48memoryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004090A4 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 46libraryloaderCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004099EC Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 77processCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040A814 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 117windowCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040A82F Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 113windowCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00401430 Relevance: 4.5, APIs: 2, Strings: 1, Instructions: 37memoryCOMMON
Control-flow Graph
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00407749 Relevance: 3.3, APIs: 2, Instructions: 284fileCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406FA0 Relevance: 3.0, APIs: 2, Instructions: 33libraryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040766C Relevance: 3.0, APIs: 2, Instructions: 30COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040762C Relevance: 3.0, APIs: 2, Instructions: 30fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004075C4 Relevance: 3.0, APIs: 2, Instructions: 24COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405280 Relevance: 1.6, APIs: 1, Instructions: 99COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00407576 Relevance: 1.5, APIs: 1, Instructions: 30fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00407578 Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004069DC Relevance: 1.5, APIs: 1, Instructions: 29COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004076C8 Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00407284 Relevance: 1.5, APIs: 1, Instructions: 28windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004076AC Relevance: 1.5, APIs: 1, Instructions: 11fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406FFB Relevance: 1.5, APIs: 1, Instructions: 10COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00407017 Relevance: 1.5, APIs: 1, Instructions: 5COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406970 Relevance: 1.5, APIs: 1, Instructions: 4COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00407F10 Relevance: 1.3, APIs: 1, Instructions: 62memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00407548 Relevance: 1.3, APIs: 1, Instructions: 20COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00407EB8 Relevance: 1.3, APIs: 1, Instructions: 15COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00409448 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 41shutdownCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00409C34 Relevance: 6.0, APIs: 4, Instructions: 31COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405258 Relevance: 1.5, APIs: 1, Instructions: 23COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004026C4 Relevance: 1.5, APIs: 1, Instructions: 20timeCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405CF4 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040840C Relevance: .5, Instructions: 545COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00407024 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 86registrylibraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00403A97 Relevance: 15.1, APIs: 10, Instructions: 122fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00403D02 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 72windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004036B8 Relevance: 7.6, APIs: 5, Instructions: 55memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00401494 Relevance: 7.5, APIs: 3, Strings: 2, Instructions: 45memoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406E10 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 113registryCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00409C88 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 30windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004094D8 Relevance: 5.0, APIs: 4, Instructions: 45sleepCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Execution Graph
Execution Coverage: | 15.9% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 4.2% |
Total number of Nodes: | 2000 |
Total number of Limit Nodes: | 61 |
Graph
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042E0AC Relevance: 31.7, APIs: 16, Strings: 2, Instructions: 178memorylibraryloaderCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00450334 Relevance: 26.3, APIs: 8, Strings: 7, Instructions: 45libraryloaderCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00423C1C Relevance: 21.4, APIs: 14, Instructions: 395COMMON
Control-flow Graph
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0046744C Relevance: 13.9, APIs: 4, Strings: 3, Instructions: 1656windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00452AD4 Relevance: 3.0, APIs: 2, Instructions: 45fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0046E1E4 Relevance: 3.0, APIs: 2, Instructions: 28comCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00408578 Relevance: 1.5, APIs: 1, Instructions: 29COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00423B94 Relevance: 1.5, APIs: 1, Instructions: 24nativeCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00455644 Relevance: 1.5, APIs: 1, Instructions: 20COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042F594 Relevance: 1.5, APIs: 1, Instructions: 17nativeCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0046F250 Relevance: 72.2, APIs: 1, Strings: 40, Instructions: 500registryCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00492DEC Relevance: 56.4, APIs: 16, Strings: 16, Instructions: 431sleepCOMMON
Control-flow Graph
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00483F60 Relevance: 26.3, APIs: 9, Strings: 6, Instructions: 68libraryloaderCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00468E4C Relevance: 24.7, APIs: 1, Strings: 13, Instructions: 155registryCOMMON
Control-flow Graph
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0047D2FC Relevance: 15.8, APIs: 1, Strings: 8, Instructions: 95libraryloaderCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040632C Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 27libraryloaderCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042F5D4 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 90windowregistryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00453264 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 46libraryloaderCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00467228 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 141windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004309B4 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 23registryclipboardthreadCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042369C Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 96windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00418F48 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 55threadCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041364C Relevance: 9.1, APIs: 6, Instructions: 60COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00455780 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 142registryCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042DE54 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 32registrylibraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00454E48 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 102libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042ED48 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 55libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00455AB8 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 41registryCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00472350 Relevance: 6.3, APIs: 4, Instructions: 272fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0048017C Relevance: 6.1, APIs: 4, Instructions: 147fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00421284 Relevance: 6.1, APIs: 4, Instructions: 127windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00416B52 Relevance: 6.1, APIs: 4, Instructions: 67windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004230D8 Relevance: 6.1, APIs: 4, Instructions: 54COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040627C Relevance: 6.0, APIs: 4, Instructions: 11memoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0048446C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 68libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0047CA5C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0046F03C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045715C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 11libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0046CEF0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 8libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00482160 Relevance: 4.6, APIs: 3, Instructions: 98windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044B400 Relevance: 4.6, APIs: 3, Instructions: 74COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044B134 Relevance: 4.6, APIs: 3, Instructions: 72COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042440C Relevance: 4.6, APIs: 3, Instructions: 59windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00416654 Relevance: 4.5, APIs: 3, Instructions: 39COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041EE64 Relevance: 4.5, APIs: 3, Instructions: 27windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0047C978 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 39registryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0046F0AC Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042DE2C Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 18registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0047E8F8 Relevance: 3.2, APIs: 2, Instructions: 160windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045285C Relevance: 3.1, APIs: 2, Instructions: 60processCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040ADE8 Relevance: 3.1, APIs: 2, Instructions: 51COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041EEB4 Relevance: 3.0, APIs: 2, Instructions: 49threadCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00452CF4 Relevance: 3.0, APIs: 2, Instructions: 48fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004527E4 Relevance: 3.0, APIs: 2, Instructions: 43COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042324C Relevance: 3.0, APIs: 2, Instructions: 35COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042E3A4 Relevance: 3.0, APIs: 2, Instructions: 33libraryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0047CD0F Relevance: 3.0, APIs: 2, Instructions: 26COMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045096C Relevance: 3.0, APIs: 2, Instructions: 22COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004014E4 Relevance: 2.5, APIs: 2, Instructions: 37memoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004085EC Relevance: 1.6, APIs: 1, Instructions: 99COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041FBAC Relevance: 1.6, APIs: 1, Instructions: 65COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0046C550 Relevance: 1.5, APIs: 1, Instructions: 37COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00441408 Relevance: 1.5, APIs: 1, Instructions: 36fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00416560 Relevance: 1.5, APIs: 1, Instructions: 32COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004149C4 Relevance: 1.5, APIs: 1, Instructions: 31COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00450838 Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042CCDC Relevance: 1.5, APIs: 1, Instructions: 29COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042E8D8 Relevance: 1.5, APIs: 1, Instructions: 28windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004062F8 Relevance: 1.5, APIs: 1, Instructions: 27COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00454C6C Relevance: 1.5, APIs: 1, Instructions: 25COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041468C Relevance: 1.5, APIs: 1, Instructions: 23COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406F20 Relevance: 1.5, APIs: 1, Instructions: 23fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042365C Relevance: 1.5, APIs: 1, Instructions: 22COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004242D4 Relevance: 1.5, APIs: 1, Instructions: 21COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00466BE8 Relevance: 1.5, APIs: 1, Instructions: 16COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042CD34 Relevance: 1.5, APIs: 1, Instructions: 16COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406ED0 Relevance: 1.5, APIs: 1, Instructions: 14fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004509A0 Relevance: 1.5, APIs: 1, Instructions: 11fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004072B8 Relevance: 1.5, APIs: 1, Instructions: 11COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042E3FF Relevance: 1.5, APIs: 1, Instructions: 10COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004165FC Relevance: 1.5, APIs: 1, Instructions: 4COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044879C Relevance: 1.4, APIs: 1, Instructions: 158COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0047E21C Relevance: 1.4, APIs: 1, Instructions: 157COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041F3D4 Relevance: 1.3, APIs: 1, Instructions: 52memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00453038 Relevance: 1.3, APIs: 1, Instructions: 48COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040170C Relevance: 1.3, APIs: 1, Instructions: 48COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00401340 Relevance: 1.3, APIs: 1, Instructions: 34memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406F58 Relevance: 1.3, APIs: 1, Instructions: 3COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041F128 Relevance: 45.6, APIs: 15, Strings: 11, Instructions: 87libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00458670 Relevance: 40.4, APIs: 11, Strings: 12, Instructions: 186pipeprocessfileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00418394 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 58windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045568C Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 41shutdownCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045D230 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 34libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0049877C Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 90fileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045763C Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 241windownativeCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00455EB4 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 112libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00417CE0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 76windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00464200 Relevance: 7.6, APIs: 5, Instructions: 129fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00463D84 Relevance: 7.6, APIs: 5, Instructions: 129fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042E944 Relevance: 7.6, APIs: 5, Instructions: 50fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00483E20 Relevance: 6.0, APIs: 4, Instructions: 47windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004627F8 Relevance: 4.6, APIs: 3, Instructions: 67fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004241EC Relevance: 4.5, APIs: 3, Instructions: 32windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00417CDE Relevance: 3.0, APIs: 2, Instructions: 49windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004175A8 Relevance: 3.0, APIs: 2, Instructions: 44windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004241A4 Relevance: 3.0, APIs: 2, Instructions: 22windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004125E8 Relevance: 1.7, APIs: 1, Instructions: 188nativeCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00478EFC Relevance: 1.6, APIs: 1, Instructions: 107nativeCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045D2E4 Relevance: 1.5, APIs: 1, Instructions: 12COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045D2FC Relevance: 1.5, APIs: 1, Instructions: 6COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 10001130 Relevance: .1, Instructions: 55COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 10001000 Relevance: .0, Instructions: 2COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044B6CC Relevance: 166.5, APIs: 48, Strings: 47, Instructions: 252libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004566E0 Relevance: 26.6, APIs: 4, Strings: 11, Instructions: 310comCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00498AA8 Relevance: 23.0, APIs: 7, Strings: 6, Instructions: 251synchronizationCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045CC68 Relevance: 22.9, APIs: 8, Strings: 5, Instructions: 182libraryloadermemoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004548E8 Relevance: 19.5, APIs: 7, Strings: 4, Instructions: 244registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00459500 Relevance: 19.4, APIs: 3, Strings: 8, Instructions: 165registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00458AEC Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 70sleepsynchronizationCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045459C Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 228registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00497328 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 141fileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00462A98 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 82libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042F1E8 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 82libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00458CC4 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 127pipeCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00456DC8 Relevance: 15.8, APIs: 3, Strings: 6, Instructions: 99libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042E428 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 86registrylibraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00404ABF Relevance: 15.1, APIs: 10, Instructions: 122fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00481D38 Relevance: 14.2, APIs: 3, Strings: 5, Instructions: 175windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045D35C Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 41libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044D1EC Relevance: 13.6, APIs: 9, Instructions: 90COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00496BCC Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 90sleepsynchronizationthreadCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004703F4 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 89registrywindowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00462ED8 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 75windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004787AC Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 66libraryfileloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00429490 Relevance: 12.1, APIs: 8, Instructions: 62COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041DE34 Relevance: 12.1, APIs: 8, Instructions: 60windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0047708C Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 200windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00411704 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 158windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00457384 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 103windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0046B520 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 99sleepCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004780A8 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 92windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045982C Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 86libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041C158 Relevance: 10.6, APIs: 7, Instructions: 70windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00418C64 Relevance: 10.6, APIs: 7, Instructions: 67COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00484150 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 61registryCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041B472 Relevance: 10.6, APIs: 7, Instructions: 57windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00495A04 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 47libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045D730 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 33libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042EA2C Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 30libraryloaderwindowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044C850 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 28libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0047905C Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 14libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041B67C Relevance: 9.1, APIs: 6, Instructions: 144windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041B94C Relevance: 9.1, APIs: 6, Instructions: 142windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041B518 Relevance: 9.1, APIs: 6, Instructions: 113windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041BD9C Relevance: 9.1, APIs: 6, Instructions: 71COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00401A90 Relevance: 9.1, APIs: 6, Instructions: 59COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0047EBDC Relevance: 9.1, APIs: 6, Instructions: 57COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041B280 Relevance: 9.0, APIs: 6, Instructions: 43COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042EAB8 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 49libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042E9BC Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 20libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00477FD0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderthreadCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00416C3C Relevance: 7.6, APIs: 5, Instructions: 104COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00414810 Relevance: 7.6, APIs: 5, Instructions: 102COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004297DC Relevance: 7.6, APIs: 5, Instructions: 83windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041BBC8 Relevance: 7.6, APIs: 5, Instructions: 83windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00403CA4 Relevance: 7.6, APIs: 5, Instructions: 55memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004143F0 Relevance: 7.6, APIs: 5, Instructions: 51windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406FB4 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 156shareCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00453930 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 100fileCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00416420 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 89registryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00404D2A Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 72windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00456CA4 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 65registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004571FC Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 60windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00478B28 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 55windowkeyboardCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004840A8 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 39registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045940C Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 39registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042D900 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 27libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042EB64 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 23libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044F7B8 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 16libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00499040 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 9libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0046469C Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 8libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0047DB00 Relevance: 6.2, APIs: 4, Instructions: 195fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00413D08 Relevance: 6.1, APIs: 4, Instructions: 107COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00408A64 Relevance: 6.1, APIs: 4, Instructions: 95windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044E938 Relevance: 6.1, APIs: 4, Instructions: 83windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00495FFC Relevance: 6.1, APIs: 4, Instructions: 81COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00417228 Relevance: 6.1, APIs: 4, Instructions: 72COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00495CB4 Relevance: 6.1, APIs: 4, Instructions: 59COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00454FF0 Relevance: 6.1, APIs: 4, Instructions: 54COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040D020 Relevance: 6.1, APIs: 4, Instructions: 51COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004019CC Relevance: 6.0, APIs: 4, Instructions: 48memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0047D1CC Relevance: 6.0, APIs: 4, Instructions: 35sleepCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00478640 Relevance: 6.0, APIs: 4, Instructions: 31COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00424250 Relevance: 6.0, APIs: 4, Instructions: 26windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0047A69C Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 210registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004767E8 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 105timeCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004792D4 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 86registryCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004501DC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 78windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00496A78 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 59processCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042DD74 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 56registryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045571C Relevance: 5.0, APIs: 4, Instructions: 45sleepCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Execution Graph
Execution Coverage: | 10.5% |
Dynamic/Decrypted Code Coverage: | 83.5% |
Signature Coverage: | 1.7% |
Total number of Nodes: | 2000 |
Total number of Limit Nodes: | 36 |
Graph
Function 02C172AB Relevance: 74.2, APIs: 29, Strings: 13, Instructions: 659networksleepfileCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02C1648B Relevance: 68.5, APIs: 34, Strings: 5, Instructions: 228memorysleeplibraryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00401B4B Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 74libraryloaderCOMMON
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02C1F8DE Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 87libraryloaderCOMMON
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02C1F7DA Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 100fileCOMMON
Control-flow Graph
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Control-flow Graph
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02C11CF8 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 105synchronizationCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02C14D86 Relevance: 16.8, APIs: 11, Instructions: 256COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02C126DB Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 92timeCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02C12B95 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 132networkCOMMON
Control-flow Graph
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02C17BC2 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 63sleepCOMMON
Control-flow Graph
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Control-flow Graph
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02C129EE Relevance: 7.6, APIs: 5, Instructions: 79networkCOMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02C11BA7 Relevance: 7.6, APIs: 5, Instructions: 75COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00402D60 Relevance: 6.1, APIs: 4, Instructions: 75COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02C12EDD Relevance: 6.0, APIs: 4, Instructions: 49networkCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02C50DFA Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 161fileCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02C12DB5 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100networkCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02C12AC7 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72networkCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02C1353E Relevance: 4.6, APIs: 3, Instructions: 127COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02C1369A Relevance: 4.6, APIs: 3, Instructions: 60COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02C22030 Relevance: 4.5, APIs: 3, Instructions: 42threadCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02C11AA9 Relevance: 4.5, APIs: 3, Instructions: 18networkCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02CAA471 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 164fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040B225 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 16registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00402160 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02C14BED Relevance: 3.1, APIs: 2, Instructions: 137COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02C4FC92 Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 110stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02C12D39 Relevance: 3.0, APIs: 2, Instructions: 50networkCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040220B Relevance: 3.0, APIs: 2, Instructions: 45COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02C18321 Relevance: 3.0, APIs: 2, Instructions: 32networkCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 004039F0 Relevance: 3.0, APIs: 2, Instructions: 30memoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00402159 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 11memoryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004021A8 Relevance: 3.0, APIs: 2, Instructions: 6registryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02C15119 Relevance: 1.7, APIs: 1, Instructions: 196COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02C1E8F8 Relevance: 1.6, APIs: 1, Instructions: 75COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02C133B2 Relevance: 1.6, APIs: 1, Instructions: 50COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02C1E488 Relevance: 1.5, APIs: 1, Instructions: 36COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00402332 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02C1E267 Relevance: 1.5, APIs: 1, Instructions: 20COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 004026D6 Relevance: 1.5, APIs: 1, Instructions: 16COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004025C7 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040B8DC Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040256B Relevance: 1.5, APIs: 1, Instructions: 7COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040B1FE Relevance: 1.5, APIs: 1, Instructions: 5registryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02C220A0 Relevance: 1.3, APIs: 1, Instructions: 43COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040B4BC Relevance: 1.3, APIs: 1, Instructions: 17sleepCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040B7AE Relevance: 1.3, APIs: 1, Instructions: 16sleepCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00402277 Relevance: 1.3, APIs: 1, Instructions: 14stringCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040218F Relevance: 1.3, APIs: 1, Instructions: 10sleepCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040B5D9 Relevance: 1.3, APIs: 1, Instructions: 8sleepCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040270C Relevance: 4.5, APIs: 3, Instructions: 13serviceCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02C208B8 Relevance: 3.0, APIs: 2, Instructions: 31windowCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040254E Relevance: 1.5, APIs: 1, Instructions: 12COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02C1F792 Relevance: .0, Instructions: 33COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02C124E1 Relevance: 21.2, APIs: 14, Instructions: 173COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 004023B3 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 75registrysynchronizationthreadCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02C13423 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 94libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00405408 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 50libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00403C59 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 100fileCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004058D5 Relevance: 13.7, APIs: 9, Instructions: 177COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02C21550 Relevance: 10.6, APIs: 7, Instructions: 132COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02C12081 Relevance: 10.6, APIs: 7, Instructions: 116timeCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02C21662 Relevance: 10.6, APIs: 7, Instructions: 107synchronizationCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00404618 Relevance: 10.6, APIs: 5, Strings: 2, Instructions: 102memoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02C25CD4 Relevance: 10.5, APIs: 7, Instructions: 45threadCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02C23404 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 24libraryloaderCOMMONLIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02C234D9 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 19libraryloaderCOMMONLIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02C355C0 Relevance: 9.3, APIs: 6, Instructions: 276COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00405B24 Relevance: 9.1, APIs: 6, Instructions: 117COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02C11C91 Relevance: 9.0, APIs: 6, Instructions: 39synchronizationthreadinjectionCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02C21870 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 66COMMONLIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02C14030 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 26memoryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 004036D0 Relevance: 7.6, APIs: 5, Instructions: 143COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02C1207F Relevance: 7.6, APIs: 5, Instructions: 98timeCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02C1E02F Relevance: 7.6, APIs: 5, Instructions: 92COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02C121D5 Relevance: 7.6, APIs: 5, Instructions: 60COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02C12298 Relevance: 7.6, APIs: 5, Instructions: 56COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02C12420 Relevance: 7.5, APIs: 5, Instructions: 38COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02C11EC7 Relevance: 7.5, APIs: 5, Instructions: 35COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02C20800 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 179windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02C130AE Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 97networkCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02C23A8F Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 29COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00403E3A Relevance: 6.3, APIs: 3, Strings: 1, Instructions: 265memoryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02C236F0 Relevance: 6.1, APIs: 4, Instructions: 136COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02C13D7E Relevance: 6.1, APIs: 4, Instructions: 57networkCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02C1239D Relevance: 6.1, APIs: 4, Instructions: 52COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02C1247D Relevance: 6.0, APIs: 4, Instructions: 38COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02C12004 Relevance: 6.0, APIs: 4, Instructions: 35COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02C11E26 Relevance: 6.0, APIs: 4, Instructions: 30COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02C195A0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 78networkCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02C119C2 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21memoryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040446C Relevance: 5.1, APIs: 4, Instructions: 53memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|