Edit tour
Windows
Analysis Report
T6l6gPxwQU.exe
Overview
General Information
| Sample name: | T6l6gPxwQU.exerenamed because original name is a hash value |
| Original sample name: | fca042b18adf613d9a2be1646663698f.exe |
| Analysis ID: | 1528376 |
| MD5: | fca042b18adf613d9a2be1646663698f |
| SHA1: | a7c91cd17ceeb8b1d0ac9873723f2b35487ca50c |
| SHA256: | 3e358ac78679758f3720dd60d4e5fdff8323f2de436add34238d39c9bf969460 |
| Tags: | 64exe |
| Infos: |  |
 | |
Detection
| Score: | 100 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Multi AV Scanner detection for submitted file
Sigma detected: Drops script at startup location
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Bypasses PowerShell execution policy
Drops PE files to the user root directory
Drops PE files with a suspicious file extension
Machine Learning detection for sample
Sigma detected: Execution from Suspicious Folder
Sigma detected: Execution of Powershell Script in Public Folder
Sigma detected: Parent in Public Folder Suspicious Process
Sigma detected: Script Interpreter Execution From Suspicious Folder
Sigma detected: WScript or CScript Dropper
Sigma detected: Windows Shell/Scripting Application File Write to Suspicious Folder
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the user directory
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found evasive API chain (date check)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
Potential key logger detected (key state polling based)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: Execution of Suspicious File Type Extension
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Stores files to the Windows start menu directory
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Classification
- System is w10x64
T6l6gPxwQU.exe (PID: 7348 cmdline: "C:\Users\ user\Deskt op\T6l6gPx wQU.exe" MD5: FCA042B18ADF613D9A2BE1646663698F) 
powershell.exe (PID: 7364 cmdline: powershell .exe -Exec utionPolic y Bypass - File "C:\U sers\Publi c\ProfileD etails.ps1 " MD5: 04029E121A0CFA5991749937DD22A1D9) 
conhost.exe (PID: 7372 cmdline: C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D) 
InformationCheck.exe (PID: 7604 cmdline: "C:\Users\ Public\Inf ormationCh eck.exe" C :\Users\Pu blic\Detai ls.au3 MD5: C56B5F0201A3B3DE53E561FE76912BFD) - cmd.exe (PID: 7660 cmdline:
cmd /k ech o [Interne tShortcut] > "C:\Use rs\user\Ap pData\Roam ing\Micros oft\Window s\Start Me nu\Program s\Startup\ SwiftWrite .url" & ec ho URL="C: \Users\use r\AppData\ Local\Word Genius Tec hnologies\ SwiftWrite .js" >> "C :\Users\us er\AppData \Roaming\M icrosoft\W indows\Sta rt Menu\Pr ograms\Sta rtup\Swift Write.url" & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B) - conhost.exe (PID: 7668 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
wscript.exe (PID: 7904 cmdline: "C:\Window s\System32 \WScript.e xe" "C:\Us ers\user\A ppData\Loc al\WordGen ius Techno logies\Swi ftWrite.js " MD5: A47CBE969EA935BDD3AB568BB126BC80) - SwiftWrite.pif (PID: 8028 cmdline:
"C:\Users\ user\AppDa ta\Local\W ordGenius Technologi es\SwiftWr ite.pif" " C:\Users\u ser\AppDat a\Local\Wo rdGenius T echnologie s\G" MD5: C56B5F0201A3B3DE53E561FE76912BFD)
- cleanup
⊘No configs have been found
⊘No yara matches
System Summary |   |
|---|
| Source: | Author: Florian Roth (Nextron Systems), Tim Shelton: | ||
| Source: | Author: Max Altgelt (Nextron Systems): | ||
| Source: | Author: Florian Roth (Nextron Systems): | ||
| Source: | Author: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): | ||
| Source: | Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: | ||
| Source: | Author: Florian Roth (Nextron Systems): | ||
| Source: | Author: frack113: | ||
| Source: | Author: Max Altgelt (Nextron Systems): | ||
| Source: | Author: Michael Haag: | ||
| Source: | Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): | ||
Data Obfuscation | |
|---|
| Source: | Author: Joe Security: | ||
⊘No Suricata rule has matched
Click to jump to signature section
Show All Signature Results
AV Detection | |
|---|
| Source: | ReversingLabs: | ||
| Source: | Integrated Neural Analysis Model: | ||
| Source: | Joe Sandbox ML: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Static PE information: | ||
| Source: | Code function: | 0_2_00007FF6BB19BC70 | |
| Source: | Code function: | 0_2_00007FF6BB1A72A8 | |
| Source: | Code function: | 0_2_00007FF6BB1A71F4 | |
| Source: | Code function: | 0_2_00007FF6BB19B7C0 | |
| Source: | Code function: | 0_2_00007FF6BB162F50 | |
| Source: | Code function: | 0_2_00007FF6BB1AA4F8 | |
| Source: | Code function: | 0_2_00007FF6BB1AA350 | |
| Source: | Code function: | 0_2_00007FF6BB1A6428 | |
| Source: | Code function: | 0_2_00007FF6BB1AA874 | |
| Source: | Code function: | 0_2_00007FF6BB19C7C0 | |
| Source: | Code function: | 3_2_00594005 | |
| Source: | Code function: | 3_2_0059494A | |
| Source: | Code function: | 3_2_0059C2FF | |
| Source: | Code function: | 3_2_0059CD14 | |
| Source: | Code function: | 3_2_0059CD9F | |
| Source: | Code function: | 3_2_0059F5D8 | |
| Source: | Code function: | 3_2_0059F735 | |
| Source: | Code function: | 3_2_0059FA36 | |
| Source: | Code function: | 3_2_00593CE2 | |
| Source: | Code function: | 10_2_00904005 | |
| Source: | Code function: | 10_2_0090494A | |
| Source: | Code function: | 10_2_0090C2FF | |
| Source: | Code function: | 10_2_0090CD9F | |
| Source: | Code function: | 10_2_0090CD14 | |
| Source: | Code function: | 10_2_0090F5D8 | |
| Source: | Code function: | 10_2_0090F735 | |
| Source: | Code function: | 10_2_0090FA36 | |
| Source: | Code function: | 10_2_00903CE2 | |
| Source: | JA3 fingerprint: | ||
| Source: | HTTP traffic detected: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | Code function: | 0_2_00007FF6BB1AE968 | |
| Source: | HTTP traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Code function: | 0_2_00007FF6BB1B0D24 | |
| Source: | Code function: | 0_2_00007FF6BB1B0D24 | |
| Source: | Code function: | 3_2_005A4830 | |
| Source: | Code function: | 10_2_00914830 | |
| Source: | Code function: | 0_2_00007FF6BB1B0A6C | |
| Source: | Code function: | 0_2_00007FF6BB121CEC | |
| Source: | Code function: | 3_2_005BD164 | |
| Source: | Code function: | 10_2_0092D164 | |
System Summary | |
|---|
| Source: | Code function: | 0_2_00007FF6BB1237B0 | |
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | memstr_5e6fb49a-f | |
| Source: | String found in binary or memory: | memstr_b81c1be3-9 | |
| Source: | COM Object queried: | Jump to behavior | ||
| Source: | Code function: | 0_2_00007FF6BB19C054 | |
| Source: | Code function: | 0_2_00007FF6BB18D2C4 | |
| Source: | Code function: | 0_2_00007FF6BB19D750 | |
| Source: | Code function: | 3_2_00595778 | |
| Source: | Code function: | 10_2_00905778 | |
| Source: | Code function: | 0_2_00007FF6BB1BF630 | |
| Source: | Code function: | 0_2_00007FF6BB132E30 | |
| Source: | Code function: | 0_2_00007FF6BB133C20 | |
| Source: | Code function: | 0_2_00007FF6BB13FA4F | |
| Source: | Code function: | 0_2_00007FF6BB1CDB18 | |
| Source: | Code function: | 0_2_00007FF6BB15793C | |
| Source: | Code function: | 0_2_00007FF6BB12B9F0 | |
| Source: | Code function: | 0_2_00007FF6BB1A1A18 | |
| Source: | Code function: | 0_2_00007FF6BB1CBA0C | |
| Source: | Code function: | 0_2_00007FF6BB1B206C | |
| Source: | Code function: | 0_2_00007FF6BB14C130 | |
| Source: | Code function: | 0_2_00007FF6BB125F3C | |
| Source: | Code function: | 0_2_00007FF6BB12BE70 | |
| Source: | Code function: | 0_2_00007FF6BB14BEB4 | |
| Source: | Code function: | 0_2_00007FF6BB12B390 | |
| Source: | Code function: | 0_2_00007FF6BB16529C | |
| Source: | Code function: | 0_2_00007FF6BB1B32AC | |
| Source: | Code function: | 0_2_00007FF6BB12183C | |
| Source: | Code function: | 0_2_00007FF6BB161840 | |
| Source: | Code function: | 0_2_00007FF6BB19D87C | |
| Source: | Code function: | 0_2_00007FF6BB1358D0 | |
| Source: | Code function: | 0_2_00007FF6BB14F8D0 | |
| Source: | Code function: | 0_2_00007FF6BB151750 | |
| Source: | Code function: | 0_2_00007FF6BB1D17C0 | |
| Source: | Code function: | 0_2_00007FF6BB1B56A0 | |
| Source: | Code function: | 0_2_00007FF6BB1595B0 | |
| Source: | Code function: | 0_2_00007FF6BB162D20 | |
| Source: | Code function: | 0_2_00007FF6BB1B6C34 | |
| Source: | Code function: | 0_2_00007FF6BB122AE0 | |
| Source: | Code function: | 0_2_00007FF6BB1C0AEC | |
| Source: | Code function: | 0_2_00007FF6BB1530DC | |
| Source: | Code function: | 0_2_00007FF6BB130E70 | |
| Source: | Code function: | 0_2_00007FF6BB140E90 | |
| Source: | Code function: | 0_2_00007FF6BB1CCE8C | |
| Source: | Code function: | 0_2_00007FF6BB166DE4 | |
| Source: | Code function: | 0_2_00007FF6BB1584C0 | |
| Source: | Code function: | 0_2_00007FF6BB144514 | |
| Source: | Code function: | 0_2_00007FF6BB1B8360 | |
| Source: | Code function: | 0_2_00007FF6BB1A83D4 | |
| Source: | Code function: | 0_2_00007FF6BB14C3FC | |
| Source: | Code function: | 0_2_00007FF6BB162400 | |
| Source: | Code function: | 0_2_00007FF6BB1402C4 | |
| Source: | Code function: | 0_2_00007FF6BB1B6320 | |
| Source: | Code function: | 0_2_00007FF6BB15A8A0 | |
| Source: | Code function: | 0_2_00007FF6BB1667F0 | |
| Source: | Code function: | 0_2_00007FF6BB1CC6D4 | |
| Source: | Code function: | 0_2_00007FF6BB1C055C | |
| Source: | Code function: | 0_2_00007FF6BB1CA59C | |
| Source: | Code function: | 1_2_00007FFD9B7E211D | |
| Source: | Code function: | 3_2_0053B020 | |
| Source: | Code function: | 3_2_005394E0 | |
| Source: | Code function: | 3_2_00539C80 | |
| Source: | Code function: | 3_2_005523F5 | |
| Source: | Code function: | 3_2_005B8400 | |
| Source: | Code function: | 3_2_00566502 | |
| Source: | Code function: | 3_2_0056265E | |
| Source: | Code function: | 3_2_0053E6F0 | |
| Source: | Code function: | 3_2_0055282A | |
| Source: | Code function: | 3_2_005689BF | |
| Source: | Code function: | 3_2_00566A74 | |
| Source: | Code function: | 3_2_005B0A3A | |
| Source: | Code function: | 3_2_00540BE0 | |
| Source: | Code function: | 3_2_0055CD51 | |
| Source: | Code function: | 3_2_0058EDB2 | |
| Source: | Code function: | 3_2_00598E44 | |
| Source: | Code function: | 3_2_005B0EB7 | |
| Source: | Code function: | 3_2_00566FE6 | |
| Source: | Code function: | 3_2_005533B7 | |
| Source: | Code function: | 3_2_0054D45D | |
| Source: | Code function: | 3_2_0055F409 | |
| Source: | Code function: | 3_2_00531663 | |
| Source: | Code function: | 3_2_0054F628 | |
| Source: | Code function: | 3_2_005516B4 | |
| Source: | Code function: | 3_2_0053F6A0 | |
| Source: | Code function: | 3_2_005578C3 | |
| Source: | Code function: | 3_2_0055DBA5 | |
| Source: | Code function: | 3_2_00551BA8 | |
| Source: | Code function: | 3_2_00569CE5 | |
| Source: | Code function: | 3_2_0054DD28 | |
| Source: | Code function: | 3_2_0055BFD6 | |
| Source: | Code function: | 3_2_00551FC0 | |
| Source: | Code function: | 10_2_008AB020 | |
| Source: | Code function: | 10_2_008A94E0 | |
| Source: | Code function: | 10_2_008A9C80 | |
| Source: | Code function: | 10_2_008C23F5 | |
| Source: | Code function: | 10_2_00928400 | |
| Source: | Code function: | 10_2_008D6502 | |
| Source: | Code function: | 10_2_008AE6F0 | |
| Source: | Code function: | 10_2_008D265E | |
| Source: | Code function: | 10_2_008C282A | |
| Source: | Code function: | 10_2_008D89BF | |
| Source: | Code function: | 10_2_00920A3A | |
| Source: | Code function: | 10_2_008D6A74 | |
| Source: | Code function: | 10_2_008B0BE0 | |
| Source: | Code function: | 10_2_008FEDB2 | |
| Source: | Code function: | 10_2_008CCD51 | |
| Source: | Code function: | 10_2_00920EB7 | |
| Source: | Code function: | 10_2_00908E44 | |
| Source: | Code function: | 10_2_008D6FE6 | |
| Source: | Code function: | 10_2_008C33B7 | |
| Source: | Code function: | 10_2_008CF409 | |
| Source: | Code function: | 10_2_008BD45D | |
| Source: | Code function: | 10_2_008AF6A0 | |
| Source: | Code function: | 10_2_008C16B4 | |
| Source: | Code function: | 10_2_008BF628 | |
| Source: | Code function: | 10_2_008A1663 | |
| Source: | Code function: | 10_2_008C78C3 | |
| Source: | Code function: | 10_2_008C1BA8 | |
| Source: | Code function: | 10_2_008CDBA5 | |
| Source: | Code function: | 10_2_008D9CE5 | |
| Source: | Code function: | 10_2_008BDD28 | |
| Source: | Code function: | 10_2_008C1FC0 | |
| Source: | Code function: | 10_2_008CBFD6 | |
| Source: | Dropped File: | ||
| Source: | Dropped File: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Classification label: | ||
| Source: | Code function: | 0_2_00007FF6BB1A3778 | |
| Source: | Code function: | 0_2_00007FF6BB18D5CC | |
| Source: | Code function: | 0_2_00007FF6BB18CCE0 | |
| Source: | Code function: | 3_2_00588DE9 | |
| Source: | Code function: | 3_2_00589399 | |
| Source: | Code function: | 10_2_008F8DE9 | |
| Source: | Code function: | 10_2_008F9399 | |
| Source: | Code function: | 0_2_00007FF6BB1A59D8 | |
| Source: | Code function: | 0_2_00007FF6BB19BE00 | |
| Source: | Code function: | 0_2_00007FF6BB1B7E38 | |
| Source: | Code function: | 0_2_00007FF6BB126580 | |
| Source: | File created: | Jump to behavior | ||
| Source: | Mutant created: | ||
| Source: | Mutant created: | ||
| Source: | Mutant created: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | ReversingLabs: | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | Static file information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Code function: | 0_2_00007FF6BB1932F4 | |
| Source: | Code function: | 0_2_00007FF6BB1573A2 | |
| Source: | Code function: | 0_2_00007FF6BB157904 | |
| Source: | Code function: | 1_2_00007FFD9B7E430D | |
| Source: | Code function: | 1_2_00007FFD9B7E00C1 | |
| Source: | Code function: | 3_2_0055E941 | |
| Source: | Code function: | 3_2_0055EA5A | |
| Source: | Code function: | 3_2_00598A4C | |
| Source: | Code function: | 3_2_00558B88 | |
| Source: | Code function: | 3_2_0054CBF8 | |
| Source: | Code function: | 3_2_0055EC35 | |
| Source: | Code function: | 3_2_0055ED1E | |
| Source: | Code function: | 10_2_008CE941 | |
| Source: | Code function: | 10_2_008CEA5A | |
| Source: | Code function: | 10_2_00908A4C | |
| Source: | Code function: | 10_2_008BCBF8 | |
| Source: | Code function: | 10_2_008C8B88 | |
| Source: | Code function: | 10_2_008CEC35 | |
| Source: | Code function: | 10_2_008CED1E | |
Persistence and Installation Behavior | |
|---|
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
Boot Survival | |
|---|
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Code function: | 0_2_00007FF6BB144514 | |
| Source: | Code function: | 3_2_005B59B3 | |
| Source: | Code function: | 3_2_00545EDA | |
| Source: | Code function: | 10_2_009259B3 | |
| Source: | Code function: | 10_2_008B5EDA | |
| Source: | Code function: | 3_2_005533B7 | |
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Window found: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Evasive API call chain: | ||
| Source: | Evasive API call chain: | ||
| Source: | API coverage: | ||
| Source: | API coverage: | ||
| Source: | API coverage: | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Code function: | 0_2_00007FF6BB19BC70 | |
| Source: | Code function: | 0_2_00007FF6BB1A72A8 | |
| Source: | Code function: | 0_2_00007FF6BB1A71F4 | |
| Source: | Code function: | 0_2_00007FF6BB19B7C0 | |
| Source: | Code function: | 0_2_00007FF6BB162F50 | |
| Source: | Code function: | 0_2_00007FF6BB1AA4F8 | |
| Source: | Code function: | 0_2_00007FF6BB1AA350 | |
| Source: | Code function: | 0_2_00007FF6BB1A6428 | |
| Source: | Code function: | 0_2_00007FF6BB1AA874 | |
| Source: | Code function: | 0_2_00007FF6BB19C7C0 | |
| Source: | Code function: | 3_2_00594005 | |
| Source: | Code function: | 3_2_0059494A | |
| Source: | Code function: | 3_2_0059C2FF | |
| Source: | Code function: | 3_2_0059CD14 | |
| Source: | Code function: | 3_2_0059CD9F | |
| Source: | Code function: | 3_2_0059F5D8 | |
| Source: | Code function: | 3_2_0059F735 | |
| Source: | Code function: | 3_2_0059FA36 | |
| Source: | Code function: | 3_2_00593CE2 | |
| Source: | Code function: | 10_2_00904005 | |
| Source: | Code function: | 10_2_0090494A | |
| Source: | Code function: | 10_2_0090C2FF | |
| Source: | Code function: | 10_2_0090CD9F | |
| Source: | Code function: | 10_2_0090CD14 | |
| Source: | Code function: | 10_2_0090F5D8 | |
| Source: | Code function: | 10_2_0090F735 | |
| Source: | Code function: | 10_2_0090FA36 | |
| Source: | Code function: | 10_2_00903CE2 | |
| Source: | Code function: | 0_2_00007FF6BB141D80 | |
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Process information queried: | Jump to behavior | ||
| Source: | Code function: | 0_2_00007FF6BB1B0A00 | |
| Source: | Code function: | 0_2_00007FF6BB1237B0 | |
| Source: | Code function: | 0_2_00007FF6BB145BC0 | |
| Source: | Code function: | 0_2_00007FF6BB1932F4 | |
| Source: | Code function: | 0_2_00007FF6BB18D408 | |
| Source: | Process token adjusted: | Jump to behavior | ||
| Source: | Code function: | 0_2_00007FF6BB1459C8 | |
| Source: | Code function: | 0_2_00007FF6BB1457E4 | |
| Source: | Code function: | 0_2_00007FF6BB15AF58 | |
| Source: | Code function: | 0_2_00007FF6BB168FE4 | |
| Source: | Code function: | 3_2_0055A354 | |
| Source: | Code function: | 3_2_0055A385 | |
| Source: | Code function: | 10_2_008CA385 | |
| Source: | Code function: | 10_2_008CA354 | |
HIPS / PFW / Operating System Protection Evasion | |
|---|
| Source: | Process created: | ||
| Source: | Code function: | 0_2_00007FF6BB18CE68 | |
| Source: | Code function: | 0_2_00007FF6BB1237B0 | |
| Source: | Code function: | 0_2_00007FF6BB199420 | |
| Source: | Code function: | 0_2_00007FF6BB19D158 | |
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Code function: | 0_2_00007FF6BB18C858 | |
| Source: | Code function: | 0_2_00007FF6BB18D540 | |
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Code function: | 0_2_00007FF6BB15FD20 | |
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Code function: | 0_2_00007FF6BB19DC1C | |
| Source: | Code function: | 0_2_00007FF6BB182BCF | |
| Source: | Code function: | 0_2_00007FF6BB162400 | |
| Source: | Code function: | 0_2_00007FF6BB141D80 | |
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Code function: | 0_2_00007FF6BB1B3940 | |
| Source: | Code function: | 0_2_00007FF6BB1B4074 | |
| Source: | Code function: | 3_2_005A696E | |
| Source: | Code function: | 3_2_005A6E32 | |
| Source: | Code function: | 10_2_0091696E | |
| Source: | Code function: | 10_2_00916E32 | |
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | 1 Scripting | 2 Valid Accounts | 2 Native API | 1 Scripting | 1 Exploitation for Privilege Escalation | 1 Disable or Modify Tools | 21 Input Capture | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
| Credentials | Domains | Default Accounts | 1 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 21 Input Capture | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | 1 PowerShell | 2 Valid Accounts | 2 Valid Accounts | 2 Obfuscated Files or Information | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | 3 Clipboard Data | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | 2 Registry Run Keys / Startup Folder | 21 Access Token Manipulation | 1 DLL Side-Loading | NTDS | 26 System Information Discovery | Distributed Component Object Model | Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 12 Process Injection | 211 Masquerading | LSA Secrets | 31 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 2 Registry Run Keys / Startup Folder | 2 Valid Accounts | Cached Domain Credentials | 21 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 21 Virtualization/Sandbox Evasion | DCSync | 3 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 21 Access Token Manipulation | Proc Filesystem | 11 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 12 Process Injection | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 42% | ReversingLabs | Win64.Trojan.Povertel | ||
| 100% | Joe Sandbox ML |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 3% | ReversingLabs | |||
| 3% | ReversingLabs |
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| my.cloudme.com | 83.140.241.4 | true | false | unknown | |
| nbhkmKSQnaDrIkubbvvLMhHdgigs.nbhkmKSQnaDrIkubbvvLMhHdgigs | unknown | unknown | false | unknown |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| false | unknown |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false | unknown | |||
| false |
| unknown | ||
| false | unknown | |||
| false |
| unknown | ||
| false | unknown | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false | unknown | |||
| false |
| unknown | ||
| false | unknown | |||
| false | unknown | |||
| false |
| unknown | ||
| false | unknown | |||
| false | unknown | |||
| false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 83.140.241.4 | my.cloudme.com | Sweden | 39369 | PORT80SE | false |
| Joe Sandbox version: | 41.0.0 Charoite |
| Analysis ID: | 1528376 |
| Start date and time: | 2024-10-07 21:29:06 +02:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 8m 54s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 12 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | T6l6gPxwQU.exerenamed because original name is a hash value |
| Original Sample Name: | fca042b18adf613d9a2be1646663698f.exe |
| Detection: | MAL |
| Classification: | mal100.expl.evad.winEXE@12/10@3/1 |
| EGA Information: |
|
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Execution Graph export aborted for target powershell.exe, PID 7364 because it is empty
- Not all processes where analyzed, report is missing behavior information
- Report creation exceeded maximum time and may have missing disassembly code information.
- Report size exceeded maximum capacity and may have missing disassembly code.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- VT rate limit hit for: T6l6gPxwQU.exe
| Time | Type | Description |
|---|---|---|
| 15:29:59 | API Interceptor | |
| 15:30:45 | API Interceptor | |
| 15:31:04 | API Interceptor | |
| 20:30:10 | Autostart |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 83.140.241.4 | Get hash | malicious | Unknown | Browse | ||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| my.cloudme.com | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| PORT80SE | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Mirai, Okiru | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Moobot | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 3b5074b1b5d032e5620f69f9f700ff0e | Get hash | malicious | Outlook Phishing, HTMLPhisher | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | Credential Flusher | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif | Get hash | malicious | Unknown | Browse | ||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Remcos | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Vidar | Browse | |||
| Get hash | malicious | Vidar | Browse | |||
| Get hash | malicious | Vidar | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| C:\Users\Public\InformationCheck.exe | Get hash | malicious | Unknown | Browse | ||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Remcos | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Vidar | Browse | |||
| Get hash | malicious | Vidar | Browse | |||
| Get hash | malicious | Vidar | Browse | |||
| Get hash | malicious | Unknown | Browse |
| Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 3485127 |
| Entropy (8bit): | 4.739244309224887 |
| Encrypted: | false |
| SSDEEP: | 24576:qcb6NMAG7HuyDNNx+ZB8rKZsNuNxWdY74lb9UWrEiTO2yP:a |
| MD5: | 3881B892AE0893A906D6CBE6DB39FE11 |
| SHA1: | CF03508A1B930C37F5737227F917A6A36A6FD650 |
| SHA-256: | 35287AC8E4E594323E7E7D77C697E8089E2D7B4D1D661F4E2B0E1884A78C3221 |
| SHA-512: | F7C49C8302028ED05C03C6805A657B26F82AF8A856AC723FBED10DB04452609611815928FDF290D57A3D3D0FA5C45805D72D14F71424AAE83A38144941BFE681 |
| Malicious: | true |
| Reputation: | low |
| Preview: |
| Process: | C:\Users\user\Desktop\T6l6gPxwQU.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 893608 |
| Entropy (8bit): | 6.620131693023677 |
| Encrypted: | false |
| SSDEEP: | 12288:6pVWeOV7GtINsegA/hMyyzlcqikvAfcN9b2MyZa31twoPTdFxgawV2M01:6T3E53Myyzl0hMf1tr7Caw8M01 |
| MD5: | C56B5F0201A3B3DE53E561FE76912BFD |
| SHA1: | 2A4062E10A5DE813F5688221DBEB3F3FF33EB417 |
| SHA-256: | 237D1BCA6E056DF5BB16A1216A434634109478F882D3B1D58344C801D184F95D |
| SHA-512: | 195B98245BB820085AE9203CDB6D470B749D1F228908093E8606453B027B7D7681CCD7952E30C2F5DD40F8F0B999CCFC60EBB03419B574C08DE6816E75710D2C |
| Malicious: | true |
| Antivirus: |
|
| Joe Sandbox View: |
|
| Reputation: | moderate, very likely benign file |
| Preview: |
| Process: | C:\Users\user\Desktop\T6l6gPxwQU.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 373 |
| Entropy (8bit): | 5.122687847204781 |
| Encrypted: | false |
| SSDEEP: | 6:gsvPFyKoJFODu3Id25PaH9Ayz1gY1PaHzPMKds48QLh8JdWzH6mLF7djIXIINOQL:xv9ZoXOJrAymYEzdHGHWzH6mL5dsfHbf |
| MD5: | 3E79D02E7B3EF1B1C347DBF4090CD366 |
| SHA1: | 90F33D606D9E2C544F0E3C48FBF02B0080501275 |
| SHA-256: | 3A54CC3C7B092F5FC5978A1A757D1FFC32C4539430433CE469662C980288137C |
| SHA-512: | 8CC2F59F89414FA83246A5C7E3589C6038F23C83DE7A1EF3920AF1B57028B63C6105930675E9F99AFAC1F228712B27C2E2A8B0BC9D2DEC55EEB8C921C6D60740 |
| Malicious: | true |
| Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Download File
| Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 64 |
| Entropy (8bit): | 1.1940658735648508 |
| Encrypted: | false |
| SSDEEP: | 3:NlllulxmH/lZ:NllUg |
| MD5: | D904BDD752B6F23D81E93ECA3BD8E0F3 |
| SHA1: | 026D8B0D0F79861746760B0431AD46BAD2A01676 |
| SHA-256: | B393D3CEC8368794972E4ADD978B455A2F5BD37E3A116264DBED14DC8C67D6F2 |
| SHA-512: | 5B862B7F0BCCEF48E6A5A270C3F6271D7A5002465EAF347C6A266365F1B2CD3D88144C043D826D3456AA43484124D619BF16F9AEAB1F706463F553EE24CB5740 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 60 |
| Entropy (8bit): | 4.038920595031593 |
| Encrypted: | false |
| SSDEEP: | 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX |
| MD5: | D17FE0A3F47BE24A6453E9EF58C94641 |
| SHA1: | 6AB83620379FC69F80C0242105DDFFD7D98D5D9D |
| SHA-256: | 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7 |
| SHA-512: | 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 60 |
| Entropy (8bit): | 4.038920595031593 |
| Encrypted: | false |
| SSDEEP: | 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX |
| MD5: | D17FE0A3F47BE24A6453E9EF58C94641 |
| SHA1: | 6AB83620379FC69F80C0242105DDFFD7D98D5D9D |
| SHA-256: | 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7 |
| SHA-512: | 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\Public\InformationCheck.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 3485124 |
| Entropy (8bit): | 4.739228439290352 |
| Encrypted: | false |
| SSDEEP: | 24576:Dcb6NMAG7HuyDNNx+ZB8rKZsNuNxWdY74lb9UWrEiTO2yP:5 |
| MD5: | F684D28C9ADBC8AA4A1CB8A64CB26FC5 |
| SHA1: | 4CB15F81E6EE5D5BB7B51FB22EEE1A9D6CD44BC1 |
| SHA-256: | DA2215F0068D4E839C7698C3576CF3288E84C351E7634E1A45969DB7078755E9 |
| SHA-512: | EE11BF3FDE51A9A70174C10AC82CF9C834A8DA9C0003B4E5BAD6E7C65E02623F2C30CB1AE86A62C5409DDD0952946F189B16095E5DAF5E7E54388352E748786D |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\Public\InformationCheck.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 184 |
| Entropy (8bit): | 4.736154105743425 |
| Encrypted: | false |
| SSDEEP: | 3:RiMIpGXfeNH5E5wWAX+Ro6p4EkD5yKXW/Zi+0/RaMl85uWAX+Ro6p4EkD5yKXW/f:RiJbNHCwWDKaJkDrXW/Zz0tl8wWDKaJX |
| MD5: | 612D28A7A2758BAAF54DB34272446F87 |
| SHA1: | D4671632FC2141EF2AB2455F8923BC5197B2FD68 |
| SHA-256: | 94A83DD87CE7268703585A40C52491DDC7D332380B82832951DED047AAE6D73A |
| SHA-512: | B4B64908C674F92F5D4B1E761E123957E8D5CD6C3F433D2D5C6ADD19101FD0610EE968222D4CED31E8F21F7F022D880E7E723E4171BC7DB18C37A2000A58565B |
| Malicious: | true |
| Preview: |
| Process: | C:\Users\Public\InformationCheck.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 893608 |
| Entropy (8bit): | 6.620131693023677 |
| Encrypted: | false |
| SSDEEP: | 12288:6pVWeOV7GtINsegA/hMyyzlcqikvAfcN9b2MyZa31twoPTdFxgawV2M01:6T3E53Myyzl0hMf1tr7Caw8M01 |
| MD5: | C56B5F0201A3B3DE53E561FE76912BFD |
| SHA1: | 2A4062E10A5DE813F5688221DBEB3F3FF33EB417 |
| SHA-256: | 237D1BCA6E056DF5BB16A1216A434634109478F882D3B1D58344C801D184F95D |
| SHA-512: | 195B98245BB820085AE9203CDB6D470B749D1F228908093E8606453B027B7D7681CCD7952E30C2F5DD40F8F0B999CCFC60EBB03419B574C08DE6816E75710D2C |
| Malicious: | true |
| Antivirus: |
|
| Joe Sandbox View: |
|
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url 
Download File
| Process: | C:\Windows\SysWOW64\cmd.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 98 |
| Entropy (8bit): | 4.915531212533357 |
| Encrypted: | false |
| SSDEEP: | 3:HRAbABGQaFyw3pYot+kiE2J5yKXW/Zi+URAAy:HRYF5yjowkn23yKXW/Zzyy |
| MD5: | 56D029782506F3E1F7EC40780D1DA27F |
| SHA1: | C7E0690DE9B31C951AC212A7E940E460267F2BA1 |
| SHA-256: | 5F412A72A3459ACA6A245DE1A280AB53CA5E6B306FECA32E0DF4B0B9B7863223 |
| SHA-512: | 1C5F108FB4325E4B47E9EE15F5D828569EE90676D5170D6D3B92BD13BD39CCAA68657CBB97761007154C73D2FFCFA8A3582879CB2097A899B22C1C83848A9D92 |
| Malicious: | true |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.310400449094374 |
| TrID: |
|
| File name: | T6l6gPxwQU.exe |
| File size: | 1'974'272 bytes |
| MD5: | fca042b18adf613d9a2be1646663698f |
| SHA1: | a7c91cd17ceeb8b1d0ac9873723f2b35487ca50c |
| SHA256: | 3e358ac78679758f3720dd60d4e5fdff8323f2de436add34238d39c9bf969460 |
| SHA512: | 5109cb5cb9606c330110eee1449506abf7453d795c656b232ea12968ee481a3df698ba9a3dcc1a8c122eaa198e0b27677ab25fc4fd5e4e8909a6019b40820bdc |
| SSDEEP: | 49152:x2EYTb8atv1orq+pEiSDTj1VyvBatZeI4LeO07B+Iy3AqMl1ZcK:gXbIrq3o/07B+yqm1Z |
| TLSH: | EB95C01973A4419DFEABE1B6CA13C607D7B17C460277861F02A46B766F337712A2E321 |
| File Content Preview: | MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$.......o1).+PG.+PG.+PG.....>PG......PG......PG.....*PG.y8B..PG.y8C.:PG.y8D.#PG."(..#PG."(..*PG."(...PG.+PF..RG..9I.{PG..9D.*PG..9..*PG |
 | |
| Icon Hash: | 13ebebe37b0db4f9 |
| Entrypoint: | 0x14002549c |
| Entrypoint Section: | .text |
| Digitally signed: | false |
| Imagebase: | 0x140000000 |
| Subsystem: | windows gui |
| Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE |
| DLL Characteristics: | HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
| Time Stamp: | 0x66FC4D92 [Tue Oct 1 19:29:22 2024 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 5 |
| OS Version Minor: | 2 |
| File Version Major: | 5 |
| File Version Minor: | 2 |
| Subsystem Version Major: | 5 |
| Subsystem Version Minor: | 2 |
| Import Hash: | fadc5a257419d2541a6b13dfb5e311e2 |
| Instruction |
|---|
| dec eax |
| sub esp, 28h |
| call 00007F8C24834730h |
| dec eax |
| add esp, 28h |
| jmp 00007F8C2483403Fh |
| int3 |
| int3 |
| inc eax |
| push ebx |
| dec eax |
| sub esp, 20h |
| dec eax |
| mov ebx, ecx |
| dec eax |
| mov eax, edx |
| dec eax |
| lea ecx, dword ptr [0009466Dh] |
| dec eax |
| mov dword ptr [ebx], ecx |
| dec eax |
| lea edx, dword ptr [ebx+08h] |
| xor ecx, ecx |
| dec eax |
| mov dword ptr [edx], ecx |
| dec eax |
| mov dword ptr [edx+08h], ecx |
| dec eax |
| lea ecx, dword ptr [eax+08h] |
| call 00007F8C24835C49h |
| dec eax |
| lea eax, dword ptr [0009467Dh] |
| dec eax |
| mov dword ptr [ebx], eax |
| dec eax |
| mov eax, ebx |
| dec eax |
| add esp, 20h |
| pop ebx |
| ret |
| int3 |
| dec eax |
| and dword ptr [ecx+10h], 00000000h |
| dec eax |
| lea eax, dword ptr [00094674h] |
| dec eax |
| mov dword ptr [ecx+08h], eax |
| dec eax |
| lea eax, dword ptr [00094659h] |
| dec eax |
| mov dword ptr [ecx], eax |
| dec eax |
| mov eax, ecx |
| ret |
| int3 |
| int3 |
| inc eax |
| push ebx |
| dec eax |
| sub esp, 20h |
| dec eax |
| mov ebx, ecx |
| dec eax |
| mov eax, edx |
| dec eax |
| lea ecx, dword ptr [0009460Dh] |
| dec eax |
| mov dword ptr [ebx], ecx |
| dec eax |
| lea edx, dword ptr [ebx+08h] |
| xor ecx, ecx |
| dec eax |
| mov dword ptr [edx], ecx |
| dec eax |
| mov dword ptr [edx+08h], ecx |
| dec eax |
| lea ecx, dword ptr [eax+08h] |
| call 00007F8C24835BE9h |
| dec eax |
| lea eax, dword ptr [00094645h] |
| dec eax |
| mov dword ptr [ebx], eax |
| dec eax |
| mov eax, ebx |
| dec eax |
| add esp, 20h |
| pop ebx |
| ret |
| int3 |
| dec eax |
| and dword ptr [ecx+10h], 00000000h |
| dec eax |
| lea eax, dword ptr [0009463Ch] |
| dec eax |
| mov dword ptr [ecx+08h], eax |
| dec eax |
| lea eax, dword ptr [00000021h] |
| Programming Language: |
|
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xe5c10 | 0x17c | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xfb000 | 0xed7cc | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0xf4000 | 0x6f48 | .pdata |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x1e9000 | 0xa74 | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0xc7050 | 0x1c | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0xd9aa0 | 0x28 | .rdata |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xc7070 | 0x100 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0xb5000 | 0x1138 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0xb3328 | 0xb3400 | 507a8505198e35cc9675301d53e3b1c4 | False | 0.5503358721234309 | data | 6.5212967575920215 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0xb5000 | 0x34204 | 0x34400 | 9eda36be0cf076085a2f9772c1ee5803 | False | 0.30884139503588515 | data | 5.360588077813426 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0xea000 | 0x9120 | 0x5000 | ec6b77d6ef8898b0d3b7d48c042d66a0 | False | 0.040673828125 | DOS executable (block device driver) | 0.5749243362866429 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .pdata | 0xf4000 | 0x6f48 | 0x7000 | 4416e27f8be9f9271c439d2fd34d1b2d | False | 0.49612862723214285 | data | 5.911479421450324 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .rsrc | 0xfb000 | 0xed7cc | 0xed800 | bec808d7dc177cca1390dc1ada2ac9e2 | False | 0.9320888157894737 | data | 7.852477011959672 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x1e9000 | 0xa74 | 0xc00 | 5ddb0e422ace102fe530e589a0cbec6f | False | 0.4850260416666667 | data | 5.139847116863034 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0xfb518 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216 |
| RT_ICON | 0xfb640 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027 |
| RT_ICON | 0xfb768 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135 |
| RT_ICON | 0xfb890 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | English | Great Britain | 0.6071763602251408 |
| RT_ICON | 0xfc938 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | English | Great Britain | 0.525103734439834 |
| RT_ICON | 0xfeee0 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16384 | English | Great Britain | 0.47821209258384506 |
| RT_ICON | 0x103108 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536 | English | Great Britain | 0.36631964982846327 |
| RT_ICON | 0x113930 | 0xc34e | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | Great Britain | 0.9994999799991999 |
| RT_MENU | 0x11fc80 | 0x50 | data | English | Great Britain | 0.9 |
| RT_STRING | 0x11fcd0 | 0x594 | data | English | Great Britain | 0.3333333333333333 |
| RT_STRING | 0x120264 | 0x68a | data | English | Great Britain | 0.2735961768219833 |
| RT_STRING | 0x1208f0 | 0x490 | data | English | Great Britain | 0.3715753424657534 |
| RT_STRING | 0x120d80 | 0x5fc | data | English | Great Britain | 0.3087467362924282 |
| RT_STRING | 0x12137c | 0x65c | data | English | Great Britain | 0.34336609336609336 |
| RT_STRING | 0x1219d8 | 0x466 | data | English | Great Britain | 0.3605683836589698 |
| RT_STRING | 0x121e40 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186 |
| RT_RCDATA | 0x121f98 | 0xc62e0 | data | 1.00031537036307 | ||
| RT_GROUP_ICON | 0x1e8278 | 0x4c | data | English | Great Britain | 0.8157894736842105 |
| RT_GROUP_ICON | 0x1e82c4 | 0x14 | data | English | Great Britain | 1.25 |
| RT_GROUP_ICON | 0x1e82d8 | 0x14 | data | English | Great Britain | 1.15 |
| RT_GROUP_ICON | 0x1e82ec | 0x14 | data | English | Great Britain | 1.25 |
| RT_VERSION | 0x1e8300 | 0xdc | data | English | Great Britain | 0.6181818181818182 |
| RT_MANIFEST | 0x1e83dc | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823 |
| DLL | Import |
|---|---|
| WSOCK32.dll | gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect |
| VERSION.dll | GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW |
| WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW |
| COMCTL32.dll | ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create |
| MPR.dll | WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W |
| WININET.dll | HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable |
| PSAPI.DLL | GetProcessMemoryInfo |
| IPHLPAPI.DLL | IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile |
| USERENV.dll | DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile |
| UxTheme.dll | IsThemeActive |
| KERNEL32.dll | WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, FindNextFileW, CopyFileExW, GetFullPathNameW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, EnterCriticalSection, DuplicateHandle, GetStdHandle, CreatePipe, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, SetCurrentDirectoryW, IsDebuggerPresent, GetCurrentDirectoryW, lstrcmpiW, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, IsProcessorFeaturePresent, GetSystemTimeAsFileTime, CreateThread, GetCurrentProcess, GetCurrentThread, LeaveCriticalSection, InitializeSListHead, RtlUnwindEx, RtlPcToFileHeader, SetLastError, TlsAlloc, ResetEvent, WaitForSingleObjectEx, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, CloseHandle, WriteConsoleW, MoveFileW, RtlCaptureContext |
| USER32.dll | GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetWindowLongW, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongPtrW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, SetWindowLongPtrW, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, BlockInput, GetMessageW, LockWindowUpdate, DispatchMessageW, TranslateMessage, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, IsCharUpperW, InsertMenuItemW, IsMenu, TrackPopupMenuEx, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, GetClipboardData, keybd_event, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, ScreenToClient, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, IsCharLowerW, IsCharAlphaNumericW, IsCharAlphaW, GetKeyboardLayoutNameW, ClientToScreen, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, SetMenuDefaultItem, CloseClipboard, GetWindowRect, SetUserObjectSecurity, IsClipboardFormatAvailable, CloseDesktop, CloseWindowStation, OpenDesktopW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, SystemParametersInfoW, OpenClipboard, GetWindowLongPtrW |
| GDI32.dll | EndPath, DeleteObject, GetDeviceCaps, ExtCreatePen, StrokePath, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, PolyDraw, GetTextExtentPoint32W, CreateCompatibleBitmap, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StretchBlt, SelectObject, CreateCompatibleDC, StrokeAndFillPath |
| COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW |
| ADVAPI32.dll | GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegSetValueExW, GetSecurityDescriptorDacl, GetAclInformation, RegCreateKeyExW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW, GetUserNameW |
| SHELL32.dll | DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW |
| ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket |
| OLEAUT32.dll | VariantChangeType, DispCallFunc, CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, VariantTimeToSystemTime, SysFreeString, SafeArrayDestroyDescriptor, SafeArrayDestroyData, SafeArrayUnaccessData, VariantInit, VariantClear, VariantCopy, SysAllocString, SafeArrayCreateVector, VarR8FromDec, SafeArrayAllocDescriptorEx, SafeArrayAllocData, SysStringLen, SafeArrayGetVartype, OleLoadPicture, QueryPathOfRegTypeLib, SysReAllocString, SafeArrayAccessData |
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | Great Britain |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Oct 7, 2024 21:30:02.084697962 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:02.084747076 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:02.084844112 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:02.096025944 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:02.096056938 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:02.862026930 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:02.862095118 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:02.866838932 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:02.866856098 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:02.867249966 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:02.879070044 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:02.923398018 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.431181908 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.431230068 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.431256056 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.431291103 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.431329012 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.431343079 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.431425095 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.433111906 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.433140039 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.433166027 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.433172941 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.433198929 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.433355093 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.538320065 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.538351059 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.538427114 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.538427114 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.538449049 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.538562059 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.541508913 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.541534901 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.541560888 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.541565895 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.541598082 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.541635990 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.544511080 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.544538975 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.544569969 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.544574022 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.544629097 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.544629097 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.547097921 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.547169924 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.547220945 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.547224998 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.547367096 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.683109999 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.683139086 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.686415911 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.686440945 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.686458111 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.686495066 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.686631918 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.688842058 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.688865900 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.688941002 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.688941002 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.688946962 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.690525055 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.690546989 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.690583944 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.690588951 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.690614939 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.693089008 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.693106890 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.693145990 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.693151951 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.693177938 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.694807053 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.694830894 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.694853067 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.694859028 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.695425034 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.741087914 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.812248945 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.812294006 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.812408924 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.812408924 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.812432051 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.815421104 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.837470055 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.837517023 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.837565899 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.837575912 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.837625980 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.837625980 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.839843988 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.839888096 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.839932919 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.839946985 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.839982033 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.841835976 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.841892004 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.841928005 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.841933966 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.841958046 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.843321085 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.843367100 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.843368053 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.843424082 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.843431950 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.843468904 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.844769955 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.844952106 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.845001936 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.845041990 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.845053911 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.845087051 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.846863985 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.846913099 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.846963882 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.846976995 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.847007036 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.848664999 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.848707914 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.848714113 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.848742008 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.848754883 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.848777056 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.850841999 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.867417097 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.868978977 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.898144960 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.898180008 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.898284912 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.898284912 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.898293018 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.898447037 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.922153950 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.922184944 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.922278881 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.922280073 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.922290087 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.923818111 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.923865080 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.923868895 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.923904896 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.923917055 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.923934937 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.924758911 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.925450087 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.925491095 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.925532103 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.925543070 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.925574064 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.927376032 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.927447081 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.927500010 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.927511930 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.927547932 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.928757906 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.944053888 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.944092035 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.944133043 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.944144011 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.944173098 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.944756985 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.946796894 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.946837902 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.946841955 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.946882010 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.946892977 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.946928024 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.948100090 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.948149920 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.948199987 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.948216915 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.948254108 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.952749968 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.982569933 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.982629061 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.982780933 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.982850075 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:03.982894897 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:03.986852884 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.007527113 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.007586956 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.007635117 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.007648945 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.007689953 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.007877111 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.008531094 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.008580923 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.008740902 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.008806944 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.008867025 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.009829044 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.009881973 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.009958029 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.009974003 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.010025978 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.011019945 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.011066914 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.011073112 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.011110067 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.011125088 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.011147976 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.014240026 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.028178930 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.028228998 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.028264999 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.028290987 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.028307915 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.029405117 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.029444933 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.029453993 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.029483080 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.029489994 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.029510021 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.029613018 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.030975103 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.031028032 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.031064034 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.031075954 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.031096935 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.038934946 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.066418886 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.066488981 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.066642046 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.066642046 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.066673994 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.067411900 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.090778112 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.090817928 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.090894938 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.090894938 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.090919971 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.091514111 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.092365980 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.092413902 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.092451096 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.092456102 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.092478037 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.094054937 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.094110012 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.094145060 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.094150066 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.094172001 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.094501019 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.095170975 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.095213890 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.095248938 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.095259905 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.095280886 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.099317074 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.113046885 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.113099098 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.113197088 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.113197088 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.132535934 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.132548094 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.132560968 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.132646084 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.152400970 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.152466059 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.152484894 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.152498007 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.152523994 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.177315950 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.177386045 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.177403927 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.177418947 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.177437067 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.177580118 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.177622080 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.177629948 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.177654028 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.177670002 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.179917097 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.179965973 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.179980993 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.179986954 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.180010080 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.180941105 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.180983067 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.181006908 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.181011915 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.181035042 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.197709084 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.197788000 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.197813988 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.197834015 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.197849989 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.199311018 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.199368954 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.199388027 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.199413061 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.199419975 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.199425936 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.200449944 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.200498104 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.200503111 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.200525999 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.200550079 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.236669064 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.236726999 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.236772060 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.236792088 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.236809015 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.260057926 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.260128021 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.260148048 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.260171890 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.260190010 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.260206938 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.261487007 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.261532068 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.261543989 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.261568069 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.261648893 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.263322115 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.263372898 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.263412952 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.263427973 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.263451099 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.265021086 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.265067101 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.265100956 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.265109062 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.265131950 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.281019926 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.281074047 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.281092882 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.281128883 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.491485119 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.510471106 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.510540962 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.510580063 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.510601997 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.510646105 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.510663986 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.510703087 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.510749102 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.542392015 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.542422056 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.542443037 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.542457104 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.542469978 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.542522907 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.542547941 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.542567968 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.542596102 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.542613029 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.542624950 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.542634964 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.542654037 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.542654037 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.542663097 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.542690039 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.542689085 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.542710066 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.542718887 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.542723894 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.542733908 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.542757034 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.542762995 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.542795897 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.542805910 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.542819977 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.542850018 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.542850971 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.542880058 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.747425079 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.747497082 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.752268076 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.752285957 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.752304077 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.752341986 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.752352953 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.752367020 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.752382040 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.752387047 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.752408981 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.752438068 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.774550915 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.774580956 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.774597883 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.774607897 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.774683952 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.774694920 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.774720907 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.774732113 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.774802923 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.774811029 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.774847984 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.774863958 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.774883986 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.774888992 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.774904966 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.774909973 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.774924994 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.774934053 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.774954081 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.774965048 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.774991989 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.775017977 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.919756889 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.919790983 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.919842958 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.919881105 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.941126108 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.941184044 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.941235065 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.941251040 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.941279888 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.941287994 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.941299915 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.941333055 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.941342115 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.941363096 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.941375971 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.941382885 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.941404104 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.941436052 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.941443920 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.941478014 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.941487074 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.941504002 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.941519976 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:04.941557884 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:04.941592932 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:05.083811045 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:05.083853006 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:05.084054947 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:05.114969015 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:05.114974022 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:05.114986897 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:05.115005970 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:05.115020990 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:05.115227938 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:05.115227938 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:05.115267992 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:05.115307093 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:05.115319967 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:05.115415096 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:05.115426064 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:05.115447998 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:05.115555048 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:05.327399015 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:05.327596903 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:05.438004971 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:05.438047886 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:05.438069105 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:05.438133001 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:05.438184977 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:05.465965033 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:05.465974092 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:05.465986013 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:05.466001987 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:05.466025114 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:05.466031075 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:05.466036081 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:05.466119051 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:05.466129065 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:05.466142893 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:05.466155052 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:05.466248989 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:05.466255903 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:05.466274977 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:05.466284990 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:05.466355085 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:05.466372013 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:05.466382980 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:05.466439009 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:05.634366035 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:05.634392977 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:05.634476900 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:05.658369064 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:05.658380032 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:05.658392906 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:05.658406973 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:05.658425093 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:05.658432007 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:05.658437967 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:05.658457041 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:05.658463001 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:05.658505917 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:05.658514023 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:05.658524990 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:05.658552885 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:05.658557892 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:05.658579111 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:05.658596039 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:05.658601999 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:05.658638954 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:05.658682108 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:05.837508917 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:05.837547064 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:05.837567091 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:05.837651014 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:05.859457970 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:05.859463930 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:05.859500885 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:05.859513044 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:05.859627962 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:05.859636068 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:05.859662056 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:05.859688044 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:05.859723091 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:05.859729052 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:05.859802961 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:05.859812021 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:05.859916925 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:06.010876894 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:06.010905981 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:06.010936975 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:06.011014938 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:06.033019066 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:06.033047915 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:06.033086061 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:06.033099890 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:06.033307076 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:06.033307076 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:06.033318996 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:06.033350945 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:06.033368111 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:06.033385038 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:06.033397913 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:06.033447027 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:06.033456087 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:06.033473969 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:06.033528090 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:06.243410110 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:06.243571997 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:06.254591942 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:06.254610062 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:06.254638910 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:06.254699945 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:06.285456896 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:06.285485983 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:06.285521984 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:06.285532951 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:06.285634995 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:06.285646915 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:06.285664082 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:06.285682917 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:06.285741091 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:06.285748005 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:06.285763025 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:06.285814047 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:06.285814047 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:06.285885096 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:06.285891056 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:06.285943985 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:06.480089903 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:06.480129004 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:06.480159044 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:06.480328083 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:06.480328083 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:06.499790907 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:06.499819994 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:06.499846935 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:06.499856949 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:06.499968052 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:06.499979973 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:06.500009060 CEST | 443 | 49730 | 83.140.241.4 | 192.168.2.4 |
| Oct 7, 2024 21:30:06.500030994 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:06.500058889 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:06.500111103 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:06.909497976 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:07.073082924 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Oct 7, 2024 21:30:07.302570105 CEST | 49730 | 443 | 192.168.2.4 | 83.140.241.4 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Oct 7, 2024 21:30:01.833945036 CEST | 55241 | 53 | 192.168.2.4 | 1.1.1.1 |
| Oct 7, 2024 21:30:02.072568893 CEST | 53 | 55241 | 1.1.1.1 | 192.168.2.4 |
| Oct 7, 2024 21:30:10.590367079 CEST | 64582 | 53 | 192.168.2.4 | 1.1.1.1 |
| Oct 7, 2024 21:30:10.606520891 CEST | 53 | 64582 | 1.1.1.1 | 192.168.2.4 |
| Oct 7, 2024 21:30:30.059900045 CEST | 49345 | 53 | 192.168.2.4 | 1.1.1.1 |
| Oct 7, 2024 21:30:30.076343060 CEST | 53 | 49345 | 1.1.1.1 | 192.168.2.4 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Oct 7, 2024 21:30:01.833945036 CEST | 192.168.2.4 | 1.1.1.1 | 0x55e8 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Oct 7, 2024 21:30:10.590367079 CEST | 192.168.2.4 | 1.1.1.1 | 0xf90c | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Oct 7, 2024 21:30:30.059900045 CEST | 192.168.2.4 | 1.1.1.1 | 0x488a | Standard query (0) | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Oct 7, 2024 21:30:02.072568893 CEST | 1.1.1.1 | 192.168.2.4 | 0x55e8 | No error (0) | 83.140.241.4 | A (IP address) | IN (0x0001) | false | ||
| Oct 7, 2024 21:30:10.606520891 CEST | 1.1.1.1 | 192.168.2.4 | 0xf90c | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
| Oct 7, 2024 21:30:30.076343060 CEST | 1.1.1.1 | 192.168.2.4 | 0x488a | Name error (3) | none | none | A (IP address) | IN (0x0001) | false |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.4 | 49730 | 83.140.241.4 | 443 | 7364 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-10-07 19:30:02 UTC | 191 | OUT | |
| 2024-10-07 19:30:03 UTC | 395 | IN | |
| 2024-10-07 19:30:03 UTC | 15989 | IN | |
| 2024-10-07 19:30:03 UTC | 16384 | IN | |
| 2024-10-07 19:30:03 UTC | 16384 | IN | |
| 2024-10-07 19:30:03 UTC | 16384 | IN | |
| 2024-10-07 19:30:03 UTC | 16384 | IN | |
| 2024-10-07 19:30:03 UTC | 16384 | IN | |
| 2024-10-07 19:30:03 UTC | 16384 | IN | |
| 2024-10-07 19:30:03 UTC | 16384 | IN | |
| 2024-10-07 19:30:03 UTC | 16384 | IN | |
| 2024-10-07 19:30:03 UTC | 16384 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 15:29:57 |
| Start date: | 07/10/2024 |
| Path: | C:\Users\user\Desktop\T6l6gPxwQU.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff6bb120000 |
| File size: | 1'974'272 bytes |
| MD5 hash: | FCA042B18ADF613D9A2BE1646663698F |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | low |
| Has exited: | true |
| Target ID: | 1 |
| Start time: | 15:29:58 |
| Start date: | 07/10/2024 |
| Path: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff788560000 |
| File size: | 452'608 bytes |
| MD5 hash: | 04029E121A0CFA5991749937DD22A1D9 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 2 |
| Start time: | 15:29:58 |
| Start date: | 07/10/2024 |
| Path: | C:\Windows\System32\conhost.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff7699e0000 |
| File size: | 862'208 bytes |
| MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 3 |
| Start time: | 15:30:06 |
| Start date: | 07/10/2024 |
| Path: | C:\Users\Public\InformationCheck.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x530000 |
| File size: | 893'608 bytes |
| MD5 hash: | C56B5F0201A3B3DE53E561FE76912BFD |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Antivirus matches: |
|
| Reputation: | high |
| Has exited: | false |
| Target ID: | 4 |
| Start time: | 15:30:09 |
| Start date: | 07/10/2024 |
| Path: | C:\Windows\SysWOW64\cmd.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x240000 |
| File size: | 236'544 bytes |
| MD5 hash: | D0FCE3AFA6AA1D58CE9FA336CC2B675B |
| Has elevated privileges: | false |
| Has administrator privileges: | false |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 5 |
| Start time: | 15:30:09 |
| Start date: | 07/10/2024 |
| Path: | C:\Windows\System32\conhost.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff7699e0000 |
| File size: | 862'208 bytes |
| MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
| Has elevated privileges: | false |
| Has administrator privileges: | false |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 7 |
| Start time: | 15:30:20 |
| Start date: | 07/10/2024 |
| Path: | C:\Windows\System32\wscript.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff7e48a0000 |
| File size: | 170'496 bytes |
| MD5 hash: | A47CBE969EA935BDD3AB568BB126BC80 |
| Has elevated privileges: | false |
| Has administrator privileges: | false |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 10 |
| Start time: | 15:30:23 |
| Start date: | 07/10/2024 |
| Path: | C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x8a0000 |
| File size: | 893'608 bytes |
| MD5 hash: | C56B5F0201A3B3DE53E561FE76912BFD |
| Has elevated privileges: | false |
| Has administrator privileges: | false |
| Programmed in: | C, C++ or other language |
| Antivirus matches: |
|
| Reputation: | high |
| Has exited: | false |
Execution Graph
| Execution Coverage: | 2.4% |
| Dynamic/Decrypted Code Coverage: | 0% |
| Signature Coverage: | 12.4% |
| Total number of Nodes: | 1429 |
| Total number of Limit Nodes: | 30 |
Graph
Function 00007FF6BB1237B0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 145windowCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB126580 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 208COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB141D80 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 251COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1BF630 Relevance: 12.4, APIs: 8, Instructions: 350processCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB132E30 Relevance: 6.5, APIs: 2, Strings: 1, Instructions: 1264COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB127920 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 178registryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB125DEC Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 143windowtimeregistryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB123D90 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 57windowregistryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB13E958 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 304comCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB123B84 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 60windowregistryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1325BC Relevance: 12.4, APIs: 8, Instructions: 442windowtimeCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB123CBC Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 40COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB127EC0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 185comCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1272C8 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 80windowCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB123F04 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 69COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1366C0 Relevance: 4.0, APIs: 1, Strings: 1, Instructions: 466COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB15B3C0 Relevance: 3.0, APIs: 2, Instructions: 19memoryCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB15DDA8 Relevance: 1.3, APIs: 1, Instructions: 36memoryCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB15C51C Relevance: 1.3, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1B56A0 Relevance: 77.5, APIs: 40, Strings: 4, Instructions: 476filecommemoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1D17C0 Relevance: 70.6, APIs: 38, Strings: 2, Instructions: 587windowkeyboardCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1CCE8C Relevance: 69.5, APIs: 46, Instructions: 540windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1CBA0C Relevance: 54.8, APIs: 30, Strings: 1, Instructions: 500windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1CDB18 Relevance: 51.2, APIs: 28, Strings: 1, Instructions: 462windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1B32AC Relevance: 47.6, APIs: 22, Strings: 5, Instructions: 327windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB144514 Relevance: 43.9, APIs: 24, Strings: 1, Instructions: 122threadkeyboardwindowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB12183C Relevance: 38.0, APIs: 25, Instructions: 475windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB18CE68 Relevance: 35.2, APIs: 17, Strings: 3, Instructions: 227processCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB122AE0 Relevance: 33.5, APIs: 18, Strings: 1, Instructions: 282windowtimeCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1B0A6C Relevance: 30.2, APIs: 20, Instructions: 169clipboardCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB16529C Relevance: 24.1, APIs: 9, Strings: 4, Instructions: 1310COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1C0AEC Relevance: 23.1, APIs: 7, Strings: 6, Instructions: 388registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB125F3C Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 223COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1A72A8 Relevance: 21.3, APIs: 7, Strings: 5, Instructions: 284timefileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1AA350 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 112fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB19D87C Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 66COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1AA4F8 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 104fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1A59D8 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 96COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1B0D24 Relevance: 15.1, APIs: 10, Instructions: 86clipboardmemoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB19B7C0 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 171fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1B3940 Relevance: 12.1, APIs: 8, Instructions: 116networkCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1B8360 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 331COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB19BC70 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 86fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB15AF58 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1B7E38 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 237COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB121CEC Relevance: 7.6, APIs: 5, Instructions: 124keyboardCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB15793C Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 262COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB162D20 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 169COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1584C0 Relevance: 7.1, APIs: 4, Instructions: 1071COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB19D750 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 50shutdownCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB145BC0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1932F4 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 19libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB151750 Relevance: 4.8, APIs: 3, Instructions: 340COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB162F50 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 110COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1AE968 Relevance: 3.1, APIs: 2, Instructions: 97networkfileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1595B0 Relevance: 2.9, Strings: 2, Instructions: 378COMMONLIBRARYCODE
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB182BCF Relevance: 1.5, APIs: 1, Instructions: 6COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB14C130 Relevance: 1.5, Strings: 1, Instructions: 219COMMONLIBRARYCODE
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB14BEB4 Relevance: 1.4, Strings: 1, Instructions: 199COMMONLIBRARYCODE
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1358D0 Relevance: .7, Instructions: 692COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB12B390 Relevance: .7, Instructions: 682COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB12B9F0 Relevance: .6, Instructions: 577COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1530DC Relevance: .5, Instructions: 535COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB166DE4 Relevance: .2, Instructions: 194COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1A1A18 Relevance: .1, Instructions: 66COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB15FD20 Relevance: .0, Instructions: 32COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1459C8 Relevance: .0, Instructions: 2COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1CE95C Relevance: 49.7, APIs: 33, Instructions: 231windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1A4F30 Relevance: 45.7, APIs: 3, Strings: 23, Instructions: 247COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1CECB4 Relevance: 39.2, APIs: 26, Instructions: 179windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1C6EA0 Relevance: 33.5, APIs: 18, Strings: 1, Instructions: 268windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB192C10 Relevance: 31.7, APIs: 17, Strings: 1, Instructions: 175windowtimeCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1D1254 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 162windowfileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1A3FD0 Relevance: 22.9, APIs: 5, Strings: 8, Instructions: 197COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1D0118 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 175windowlibraryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1D03D0 Relevance: 22.6, APIs: 15, Instructions: 131filecommemoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1A0D70 Relevance: 21.4, APIs: 10, Strings: 2, Instructions: 388COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1A246C Relevance: 21.3, APIs: 11, Strings: 1, Instructions: 281fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1A8BF4 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 162timeCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1B4F54 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 151windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB18B0C4 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 117memoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1C1110 Relevance: 19.6, APIs: 1, Strings: 10, Instructions: 371COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1A3268 Relevance: 19.4, APIs: 5, Strings: 6, Instructions: 135COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1974B0 Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 128windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB19D4AC Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 65sleepwindowtimeCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB197E64 Relevance: 18.2, APIs: 12, Instructions: 173keyboardCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB18FF44 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 243windowtimeCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB19176C Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 226COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB121504 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 163windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1A34E4 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 149COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB18C034 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 124registryshareCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1CAD1C Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 100windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1A3E20 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 97fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB197BA0 Relevance: 16.6, APIs: 11, Instructions: 106keyboardCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1B2A18 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 174networkfileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB15D504 Relevance: 15.9, APIs: 1, Strings: 8, Instructions: 117COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1976D8 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 77windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB18E08C Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 74windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB19CA98 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 59networkCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1D0D7C Relevance: 15.2, APIs: 10, Instructions: 209windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB18F7F4 Relevance: 14.5, APIs: 2, Strings: 6, Instructions: 471COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1B767C Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 231COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1CA350 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 139windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB18D780 Relevance: 13.6, APIs: 9, Instructions: 54memorythreadCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1D0B24 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 142windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB19A070 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 135windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB19AD94 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 70windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1BFCC0 Relevance: 12.2, APIs: 8, Instructions: 246registryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB160BBC Relevance: 10.8, APIs: 7, Instructions: 294COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1ADBF0 Relevance: 10.6, APIs: 7, Instructions: 137networkCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1B37A8 Relevance: 10.6, APIs: 7, Instructions: 103networkCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1C15C4 Relevance: 10.6, APIs: 7, Instructions: 90registryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1CAEDC Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 69windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB19FAFC Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 65pipeCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB19F9EC Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 65pipeCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB14A054 Relevance: 9.2, APIs: 3, Strings: 2, Instructions: 492COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB19D1F0 Relevance: 9.1, APIs: 6, Instructions: 131filestringCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB12D4CC Relevance: 9.1, APIs: 2, Strings: 4, Instructions: 119COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB19DA1C Relevance: 9.0, APIs: 6, Instructions: 34windowtimethreadCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB18F378 Relevance: 9.0, APIs: 6, Instructions: 33threadwindowtimeCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB18D868 Relevance: 9.0, APIs: 6, Instructions: 22memorysynchronizationCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1BCDF0 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 233COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB190EAF Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 187COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB199898 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 127COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB159B18 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 121COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB19B62C Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 95filestringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB18DF3C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 92windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1AD914 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 86networkCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1C93E8 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 76windowlibraryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB149164 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1689B4 Relevance: 7.8, APIs: 5, Instructions: 265COMMONLIBRARYCODE
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB15ED08 Relevance: 7.7, APIs: 5, Instructions: 203COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1C0084 Relevance: 7.6, APIs: 5, Instructions: 141registryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1BD0F8 Relevance: 7.6, APIs: 5, Instructions: 139libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB162998 Relevance: 7.6, APIs: 5, Instructions: 133COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB15BA2C Relevance: 7.6, APIs: 5, Instructions: 114libraryloaderCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB18D924 Relevance: 7.6, APIs: 5, Instructions: 91sleepwindowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB15F9D4 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB192ED0 Relevance: 7.5, APIs: 5, Instructions: 37windowtimeCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1A0008 Relevance: 7.5, APIs: 5, Instructions: 33synchronizationthreadCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1A6D04 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 308comCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1A5F2C Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 300comCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB160040 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 205COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB14B1E8 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 150COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB18EAC0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 127windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB15EAA8 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 100fileCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1CB454 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 96COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1CAB9C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 83windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1CB798 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 80windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1A4DF8 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 75COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1CB104 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 66windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB18F5CC Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 64windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB19C110 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 58fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1BAF20 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 21libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1B7634 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 20libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB126D1C Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 20libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1C10C8 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 20libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB126D64 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 20libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB198B38 Relevance: 6.1, APIs: 4, Instructions: 96keyboardwindowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB198CAC Relevance: 6.1, APIs: 4, Instructions: 89keyboardwindowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1950E4 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 69stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB19CF68 Relevance: 6.1, APIs: 4, Instructions: 55synchronizationthreadwindowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB15B778 Relevance: 6.0, APIs: 4, Instructions: 43COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB15CC78 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 245COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB191D10 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 200comCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB15D0A8 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 138COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB15A09C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 106COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1C9E08 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 89COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1B5E00 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 88networkCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1B03C0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 81COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1CB224 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 73COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB15DC30 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 70COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1CA0C4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1C9868 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 64windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1C9BD4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB15FD90 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 57COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB18DDF0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB18DCA0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 45windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB18DD48 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 45windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1CFEA4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 40processCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB18DEA8 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 39windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1615B4 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 37COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1614E8 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1614FC Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB161370 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB1475C0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF6BB145620 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 11COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|