Edit tour
Windows
Analysis Report
Wuerth_factura_4052073226..exe
Overview
General Information
| Sample name: | Wuerth_factura_4052073226..exe |
| Analysis ID: | 1537095 |
| MD5: | 787041cd8d6cd5e63534d1b060889a76 |
| SHA1: | 82da83771130fbe29d2443635757c3cf5c3949c6 |
| SHA256: | 4447fbf1066bc4f640abff84fcac04d0c86664f9823410348a36c280ac80e26d |
| Tags: | exe |
| Infos: |  |
 | |
Detection
GuLoader, Snake Keylogger
| Score: | 100 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected GuLoader
Yara detected Snake Keylogger
Yara detected Telegram RAT
AI detected suspicious sample
Machine Learning detection for sample
Switches to a custom stack to bypass stack traces
Tries to detect the country of the analysis system (by using the IP)
Tries to detect virtualization through RDTSC time measurements
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses the Telegram API (likely for C&C communication)
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality for read data from the clipboard
Contains functionality to dynamically determine API calls
Contains functionality to shutdown / reboot the system
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Classification
- System is w10x64
Wuerth_factura_4052073226..exe (PID: 528 cmdline:
"C:\Users\ user\Deskt op\Wuerth_ factura_40 52073226.. exe" MD5: 787041CD8D6CD5E63534D1B060889A76) "C:\Users\ user\Deskt op\Wuerth_ factura_40 52073226.. exe" MD5: 787041CD8D6CD5E63534D1B060889A76)
- cleanup
| Name | Description | Attribution | Blogpost URLs | Link |
|---|---|---|---|---|
| CloudEyE, GuLoader | CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored. | No Attribution |
| Name | Description | Attribution | Blogpost URLs | Link |
|---|---|---|---|---|
| 404 Keylogger, Snake Keylogger | Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victims sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram. | No Attribution |
{"Exfil Mode": "Telegram", "Token": "7777204705:AAGdGJgXaEaWvE6yXv7RvWYjJkTQCsiDnJc", "Chat_id": "7698865320", "Version": "4.4"}| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security | ||
| JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security | ||
| JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security | ||
| JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
| JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security |
⊘No Sigma rule has matched
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-10-18T15:05:10.826742+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49981 | 188.114.96.3 | 443 | TCP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-10-18T15:05:08.522734+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49967 | 132.226.8.169 | 80 | TCP |
| 2024-10-18T15:05:10.100838+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49967 | 132.226.8.169 | 80 | TCP |
| 2024-10-18T15:05:11.772839+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49982 | 132.226.8.169 | 80 | TCP |
Click to jump to signature section
Show All Signature Results
AV Detection |   |
|---|
| Source: | Malware Configuration Extractor: | ||
| Source: | ReversingLabs: | ||
| Source: | Integrated Neural Analysis Model: | ||
| Source: | Joe Sandbox ML: | ||
Location Tracking | |
|---|
| Source: | DNS query: | ||
| Source: | Code function: | 4_2_3A5F87A8 | |
| Source: | Code function: | 4_2_3A5F8EF1 | |
| Source: | Static PE information: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Static PE information: | ||
| Source: | Code function: | 0_2_00406370 | |
| Source: | Code function: | 0_2_0040581E | |
| Source: | Code function: | 0_2_004027FB | |
| Source: | Code function: | 4_2_00406370 | |
| Source: | Code function: | 4_2_0040581E | |
| Source: | Code function: | 4_2_004027FB | |
| Source: | Code function: | 4_2_000DF2C0 | |
| Source: | Code function: | 4_2_000DF4AC | |
| Source: | Code function: | 4_2_000DF52F | |
| Source: | Code function: | 4_2_000DF974 | |
| Source: | Code function: | 4_2_39DB2DC8 | |
| Source: | Code function: | 4_2_39DB2968 | |
| Source: | Code function: | 4_2_39DB2DB8 | |
| Source: | Code function: | 4_2_39DBD9A8 | |
| Source: | Code function: | 4_2_39DBD550 | |
| Source: | Code function: | 4_2_39DB310E | |
| Source: | Code function: | 4_2_39DBD0F8 | |
| Source: | Code function: | 4_2_39DBCCA0 | |
| Source: | Code function: | 4_2_39DB0853 | |
| Source: | Code function: | 4_2_39DB0040 | |
| Source: | Code function: | 4_2_39DBF810 | |
| Source: | Code function: | 4_2_39DBF3B8 | |
| Source: | Code function: | 4_2_39DBEF60 | |
| Source: | Code function: | 4_2_39DBEB08 | |
| Source: | Code function: | 4_2_39DB0B30 | |
| Source: | Code function: | 4_2_39DB0B30 | |
| Source: | Code function: | 4_2_39DBE6B0 | |
| Source: | Code function: | 4_2_39DBE258 | |
| Source: | Code function: | 4_2_39DB0673 | |
| Source: | Code function: | 4_2_39DBDE00 | |
| Source: | Code function: | 4_2_3A5F4ED0 | |
| Source: | Code function: | 4_2_3A5F7B78 | |
| Source: | Code function: | 4_2_3A5F8FB0 | |
| Source: | Code function: | 4_2_3A5F1A50 | |
| Source: | Code function: | 4_2_3A5FCE78 | |
| Source: | Code function: | 4_2_3A5F4A78 | |
| Source: | Code function: | 4_2_3A5F6E70 | |
| Source: | Code function: | 4_2_3A5FEE68 | |
| Source: | Code function: | 4_2_3A5F6A18 | |
| Source: | Code function: | 4_2_3A5F4620 | |
| Source: | Code function: | 4_2_3A5F72C8 | |
| Source: | Code function: | 4_2_3A5FF2F8 | |
| Source: | Code function: | 4_2_3A5F1EA8 | |
| Source: | Code function: | 4_2_3A5F2758 | |
| Source: | Code function: | 4_2_3A5FB318 | |
| Source: | Code function: | 4_2_3A5FD308 | |
| Source: | Code function: | 4_2_3A5F2300 | |
| Source: | Code function: | 4_2_3A5F5328 | |
| Source: | Code function: | 4_2_3A5F7720 | |
| Source: | Code function: | 4_2_3A5F5BD8 | |
| Source: | Code function: | 4_2_3A5FD798 | |
| Source: | Code function: | 4_2_3A5FF788 | |
| Source: | Code function: | 4_2_3A5F5780 | |
| Source: | Code function: | 4_2_3A5F2BB0 | |
| Source: | Code function: | 4_2_3A5FB7A8 | |
| Source: | Code function: | 4_2_3A5F0040 | |
| Source: | Code function: | 4_2_3A5F3460 | |
| Source: | Code function: | 4_2_3A5F3008 | |
| Source: | Code function: | 4_2_3A5FBC38 | |
| Source: | Code function: | 4_2_3A5F6030 | |
| Source: | Code function: | 4_2_3A5FDC28 | |
| Source: | Code function: | 4_2_3A5FC0C8 | |
| Source: | Code function: | 4_2_3A5F08F0 | |
| Source: | Code function: | 4_2_3A5F0498 | |
| Source: | Code function: | 4_2_3A5F6488 | |
| Source: | Code function: | 4_2_3A5FB081 | |
| Source: | Code function: | 4_2_3A5FE0B8 | |
| Source: | Code function: | 4_2_3A5FC558 | |
| Source: | Code function: | 4_2_3A5FE548 | |
| Source: | Code function: | 4_2_3A5F0D48 | |
| Source: | Code function: | 4_2_3A5FE9D8 | |
| Source: | Code function: | 4_2_3A5F15F8 | |
| Source: | Code function: | 4_2_3A5FC9E8 | |
| Source: | Code function: | 4_2_3A5F11A0 | |
| Source: | Code function: | 4_2_3A666678 | |
| Source: | Code function: | 4_2_3A665FD8 | |
| Source: | Code function: | 4_2_3A669FD8 | |
| Source: | Code function: | 4_2_3A660960 | |
| Source: | Code function: | 4_2_3A667E60 | |
| Source: | Code function: | 4_2_3A66A968 | |
| Source: | Code function: | 4_2_3A66D470 | |
| Source: | Code function: | 4_2_3A664478 | |
| Source: | Code function: | 4_2_3A660040 | |
| Source: | Code function: | 4_2_3A666B40 | |
| Source: | Code function: | 4_2_3A665B48 | |
| Source: | Code function: | 4_2_3A669648 | |
| Source: | Code function: | 4_2_3A66C150 | |
| Source: | Code function: | 4_2_3A663B58 | |
| Source: | Code function: | 4_2_3A66EC58 | |
| Source: | Code function: | 4_2_3A66F120 | |
| Source: | Code function: | 4_2_3A665228 | |
| Source: | Code function: | 4_2_3A668328 | |
| Source: | Code function: | 4_2_3A66AE30 | |
| Source: | Code function: | 4_2_3A663238 | |
| Source: | Code function: | 4_2_3A66D938 | |
| Source: | Code function: | 4_2_3A66DE00 | |
| Source: | Code function: | 4_2_3A664908 | |
| Source: | Code function: | 4_2_3A667008 | |
| Source: | Code function: | 4_2_3A661710 | |
| Source: | Code function: | 4_2_3A669B10 | |
| Source: | Code function: | 4_2_3A662918 | |
| Source: | Code function: | 4_2_3A66C618 | |
| Source: | Code function: | 4_2_3A66CAE0 | |
| Source: | Code function: | 4_2_3A663FE8 | |
| Source: | Code function: | 4_2_3A66F5E8 | |
| Source: | Code function: | 4_2_3A660DF0 | |
| Source: | Code function: | 4_2_3A6687F0 | |
| Source: | Code function: | 4_2_3A661FF8 | |
| Source: | Code function: | 4_2_3A66B2F8 | |
| Source: | Code function: | 4_2_3A66B7C0 | |
| Source: | Code function: | 4_2_3A6636C8 | |
| Source: | Code function: | 4_2_3A66E2C8 | |
| Source: | Code function: | 4_2_3A6604D0 | |
| Source: | Code function: | 4_2_3A6674D0 | |
| Source: | Code function: | 4_2_3A661BA0 | |
| Source: | Code function: | 4_2_3A66A4A0 | |
| Source: | Code function: | 4_2_3A662DA8 | |
| Source: | Code function: | 4_2_3A66CFA8 | |
| Source: | Code function: | 4_2_3A66FAB0 | |
| Source: | Code function: | 4_2_3A6656B8 | |
| Source: | Code function: | 4_2_3A668CB8 | |
| Source: | Code function: | 4_2_3A661280 | |
| Source: | Code function: | 4_2_3A669180 | |
| Source: | Code function: | 4_2_3A662488 | |
| Source: | Code function: | 4_2_3A66BC88 | |
| Source: | Code function: | 4_2_3A66E790 | |
| Source: | Code function: | 4_2_3A664D98 | |
| Source: | Code function: | 4_2_3A667998 | |
| Source: | Code function: | 4_2_3A691CF0 | |
| Source: | Code function: | 4_2_3A690040 | |
| Source: | Code function: | 4_2_3A691828 | |
| Source: | Code function: | 4_2_3A690E98 | |
| Source: | Code function: | 4_2_3A691360 | |
| Source: | Code function: | 4_2_3A690508 | |
| Source: | Code function: | 4_2_3A6909D0 | |
| Source: | Code function: | 4_2_3A813E70 | |
| Source: | Code function: | 4_2_3A813E60 | |
| Source: | Code function: | 4_2_3A810A10 | |
| Source: | Code function: | 4_2_3A8108DE | |
| Source: | Code function: | 4_2_3A810960 | |
Networking | |
|---|
| Source: | DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | IP Address: | ||
| Source: | IP Address: | ||
| Source: | IP Address: | ||
| Source: | IP Address: | ||
| Source: | ASN Name: | ||
| Source: | ASN Name: | ||
| Source: | JA3 fingerprint: | ||
| Source: | JA3 fingerprint: | ||
| Source: | JA3 fingerprint: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Code function: | 0_2_004052CB | |
| Source: | Code function: | 0_2_0040327D | |
| Source: | Code function: | 4_2_004032B2 | |
| Source: | Code function: | 0_2_00404B08 | |
| Source: | Code function: | 4_2_00404B08 | |
| Source: | Code function: | 4_2_000DC147 | |
| Source: | Code function: | 4_2_000DD278 | |
| Source: | Code function: | 4_2_000D5362 | |
| Source: | Code function: | 4_2_000DC472 | |
| Source: | Code function: | 4_2_000DC738 | |
| Source: | Code function: | 4_2_000DE988 | |
| Source: | Code function: | 4_2_000DCA08 | |
| Source: | Code function: | 4_2_000DCCD8 | |
| Source: | Code function: | 4_2_000D9DE0 | |
| Source: | Code function: | 4_2_000DCFAA | |
| Source: | Code function: | 4_2_000D6FC8 | |
| Source: | Code function: | 4_2_000DE97A | |
| Source: | Code function: | 4_2_000DF974 | |
| Source: | Code function: | 4_2_000D29E0 | |
| Source: | Code function: | 4_2_000D3E09 | |
| Source: | Code function: | 4_2_39DB2968 | |
| Source: | Code function: | 4_2_39DBFC68 | |
| Source: | Code function: | 4_2_39DB5028 | |
| Source: | Code function: | 4_2_39DB17A0 | |
| Source: | Code function: | 4_2_39DB9328 | |
| Source: | Code function: | 4_2_39DB1E80 | |
| Source: | Code function: | 4_2_39DBDDF1 | |
| Source: | Code function: | 4_2_39DBD999 | |
| Source: | Code function: | 4_2_39DBD9A8 | |
| Source: | Code function: | 4_2_39DBD550 | |
| Source: | Code function: | 4_2_39DB9548 | |
| Source: | Code function: | 4_2_39DBD540 | |
| Source: | Code function: | 4_2_39DBD0F8 | |
| Source: | Code function: | 4_2_39DBD0E9 | |
| Source: | Code function: | 4_2_39DBCC8F | |
| Source: | Code function: | 4_2_39DBCCA0 | |
| Source: | Code function: | 4_2_39DB0040 | |
| Source: | Code function: | 4_2_39DB9C18 | |
| Source: | Code function: | 4_2_39DB5018 | |
| Source: | Code function: | 4_2_39DB0012 | |
| Source: | Code function: | 4_2_39DBF810 | |
| Source: | Code function: | 4_2_39DBF805 | |
| Source: | Code function: | 4_2_39DB8B91 | |
| Source: | Code function: | 4_2_39DB178F | |
| Source: | Code function: | 4_2_39DBF3B8 | |
| Source: | Code function: | 4_2_39DBF3A8 | |
| Source: | Code function: | 4_2_39DB8BA0 | |
| Source: | Code function: | 4_2_39DBEF51 | |
| Source: | Code function: | 4_2_39DBEF60 | |
| Source: | Code function: | 4_2_39DBEB08 | |
| Source: | Code function: | 4_2_39DB0B30 | |
| Source: | Code function: | 4_2_39DB0B20 | |
| Source: | Code function: | 4_2_39DBEAF8 | |
| Source: | Code function: | 4_2_39DBE6B0 | |
| Source: | Code function: | 4_2_39DBE6AF | |
| Source: | Code function: | 4_2_39DBE6A0 | |
| Source: | Code function: | 4_2_39DBE258 | |
| Source: | Code function: | 4_2_39DBE257 | |
| Source: | Code function: | 4_2_39DBE24D | |
| Source: | Code function: | 4_2_39DB1E70 | |
| Source: | Code function: | 4_2_39DBDE00 | |
| Source: | Code function: | 4_2_3A5F4ED0 | |
| Source: | Code function: | 4_2_3A5F7B78 | |
| Source: | Code function: | 4_2_3A5F8FB0 | |
| Source: | Code function: | 4_2_3A5F81D0 | |
| Source: | Code function: | 4_2_3A5FEE57 | |
| Source: | Code function: | 4_2_3A5F1A50 | |
| Source: | Code function: | 4_2_3A5F1A4F | |
| Source: | Code function: | 4_2_3A5F1A41 | |
| Source: | Code function: | 4_2_3A5FCE78 | |
| Source: | Code function: | 4_2_3A5F4A78 | |
| Source: | Code function: | 4_2_3A5F6E72 | |
| Source: | Code function: | 4_2_3A5F6E70 | |
| Source: | Code function: | 4_2_3A5FEE68 | |
| Source: | Code function: | 4_2_3A5FCE67 | |
| Source: | Code function: | 4_2_3A5F6A18 | |
| Source: | Code function: | 4_2_3A5F6A07 | |
| Source: | Code function: | 4_2_3A5F4622 | |
| Source: | Code function: | 4_2_3A5F4620 | |
| Source: | Code function: | 4_2_3A5F72CA | |
| Source: | Code function: | 4_2_3A5F72C8 | |
| Source: | Code function: | 4_2_3A5F4EC0 | |
| Source: | Code function: | 4_2_3A5FF2F8 | |
| Source: | Code function: | 4_2_3A5FD2F7 | |
| Source: | Code function: | 4_2_3A5F22F0 | |
| Source: | Code function: | 4_2_3A5FF2E7 | |
| Source: | Code function: | 4_2_3A5F1E98 | |
| Source: | Code function: | 4_2_3A5F1EA8 | |
| Source: | Code function: | 4_2_3A5F2758 | |
| Source: | Code function: | 4_2_3A5F2749 | |
| Source: | Code function: | 4_2_3A5FF778 | |
| Source: | Code function: | 4_2_3A5F5770 | |
| Source: | Code function: | 4_2_3A5F7B69 | |
| Source: | Code function: | 4_2_3A5FB318 | |
| Source: | Code function: | 4_2_3A5FD308 | |
| Source: | Code function: | 4_2_3A5FB307 | |
| Source: | Code function: | 4_2_3A5F2300 | |
| Source: | Code function: | 4_2_3A5F5328 | |
| Source: | Code function: | 4_2_3A5F7722 | |
| Source: | Code function: | 4_2_3A5F7720 | |
| Source: | Code function: | 4_2_3A5F5BD8 | |
| Source: | Code function: | 4_2_3A5F2FF9 | |
| Source: | Code function: | 4_2_3A5FD798 | |
| Source: | Code function: | 4_2_3A5FB798 | |
| Source: | Code function: | 4_2_3A5FF788 | |
| Source: | Code function: | 4_2_3A5FD787 | |
| Source: | Code function: | 4_2_3A5F5780 | |
| Source: | Code function: | 4_2_3A5F2BB0 | |
| Source: | Code function: | 4_2_3A5FB7A8 | |
| Source: | Code function: | 4_2_3A5F2BA0 | |
| Source: | Code function: | 4_2_3A5F8FA0 | |
| Source: | Code function: | 4_2_3A5F3450 | |
| Source: | Code function: | 4_2_3A5F0040 | |
| Source: | Code function: | 4_2_3A5F6478 | |
| Source: | Code function: | 4_2_3A5F3460 | |
| Source: | Code function: | 4_2_3A5FDC19 | |
| Source: | Code function: | 4_2_3A5FFC18 | |
| Source: | Code function: | 4_2_3A5F3008 | |
| Source: | Code function: | 4_2_3A5FBC38 | |
| Source: | Code function: | 4_2_3A5F6030 | |
| Source: | Code function: | 4_2_3A5FBC29 | |
| Source: | Code function: | 4_2_3A5FDC28 | |
| Source: | Code function: | 4_2_3A5F6026 | |
| Source: | Code function: | 4_2_3A5FC0C8 | |
| Source: | Code function: | 4_2_3A5F08F0 | |
| Source: | Code function: | 4_2_3A5F0498 | |
| Source: | Code function: | 4_2_3A5F6488 | |
| Source: | Code function: | 4_2_3A5FE0B8 | |
| Source: | Code function: | 4_2_3A5F38B8 | |
| Source: | Code function: | 4_2_3A5FC0B7 | |
| Source: | Code function: | 4_2_3A5FE0A7 | |
| Source: | Code function: | 4_2_3A5FC558 | |
| Source: | Code function: | 4_2_3A5FE548 | |
| Source: | Code function: | 4_2_3A5F0D48 | |
| Source: | Code function: | 4_2_3A5FC548 | |
| Source: | Code function: | 4_2_3A5FA938 | |
| Source: | Code function: | 4_2_3A5FE538 | |
| Source: | Code function: | 4_2_3A5FA928 | |
| Source: | Code function: | 4_2_3A5FE9D8 | |
| Source: | Code function: | 4_2_3A5FC9D8 | |
| Source: | Code function: | 4_2_3A5FE9C8 | |
| Source: | Code function: | 4_2_3A5F15F8 | |
| Source: | Code function: | 4_2_3A5F15E8 | |
| Source: | Code function: | 4_2_3A5FC9E8 | |
| Source: | Code function: | 4_2_3A5F119F | |
| Source: | Code function: | 4_2_3A5F11A0 | |
| Source: | Code function: | 4_2_3A666678 | |
| Source: | Code function: | 4_2_3A665FD8 | |
| Source: | Code function: | 4_2_3A669FD8 | |
| Source: | Code function: | 4_2_3A660960 | |
| Source: | Code function: | 4_2_3A667E60 | |
| Source: | Code function: | 4_2_3A66D460 | |
| Source: | Code function: | 4_2_3A66A968 | |
| Source: | Code function: | 4_2_3A664468 | |
| Source: | Code function: | 4_2_3A66D470 | |
| Source: | Code function: | 4_2_3A661270 | |
| Source: | Code function: | 4_2_3A669171 | |
| Source: | Code function: | 4_2_3A66E77F | |
| Source: | Code function: | 4_2_3A664478 | |
| Source: | Code function: | 4_2_3A662478 | |
| Source: | Code function: | 4_2_3A66BC78 | |
| Source: | Code function: | 4_2_3A66C144 | |
| Source: | Code function: | 4_2_3A660040 | |
| Source: | Code function: | 4_2_3A666B40 | |
| Source: | Code function: | 4_2_3A665B48 | |
| Source: | Code function: | 4_2_3A669648 | |
| Source: | Code function: | 4_2_3A663B49 | |
| Source: | Code function: | 4_2_3A66EC49 | |
| Source: | Code function: | 4_2_3A66C150 | |
| Source: | Code function: | 4_2_3A660950 | |
| Source: | Code function: | 4_2_3A667E50 | |
| Source: | Code function: | 4_2_3A663B58 | |
| Source: | Code function: | 4_2_3A66EC58 | |
| Source: | Code function: | 4_2_3A66A958 | |
| Source: | Code function: | 4_2_3A66D927 | |
| Source: | Code function: | 4_2_3A66F120 | |
| Source: | Code function: | 4_2_3A665228 | |
| Source: | Code function: | 4_2_3A668328 | |
| Source: | Code function: | 4_2_3A669637 | |
| Source: | Code function: | 4_2_3A66AE30 | |
| Source: | Code function: | 4_2_3A666B30 | |
| Source: | Code function: | 4_2_3A66663E | |
| Source: | Code function: | 4_2_3A663238 | |
| Source: | Code function: | 4_2_3A66D938 | |
| Source: | Code function: | 4_2_3A665B39 | |
| Source: | Code function: | 4_2_3A660006 | |
| Source: | Code function: | 4_2_3A66DE00 | |
| Source: | Code function: | 4_2_3A664908 | |
| Source: | Code function: | 4_2_3A667008 | |
| Source: | Code function: | 4_2_3A66C608 | |
| Source: | Code function: | 4_2_3A661710 | |
| Source: | Code function: | 4_2_3A669B10 | |
| Source: | Code function: | 4_2_3A66F111 | |
| Source: | Code function: | 4_2_3A66AE1F | |
| Source: | Code function: | 4_2_3A662918 | |
| Source: | Code function: | 4_2_3A66C618 | |
| Source: | Code function: | 4_2_3A668318 | |
| Source: | Code function: | 4_2_3A665219 | |
| Source: | Code function: | 4_2_3A66CAE0 | |
| Source: | Code function: | 4_2_3A660DE0 | |
| Source: | Code function: | 4_2_3A6687E0 | |
| Source: | Code function: | 4_2_3A663FE8 | |
| Source: | Code function: | 4_2_3A66F5E8 | |
| Source: | Code function: | 4_2_3A661FE8 | |
| Source: | Code function: | 4_2_3A66B2E8 | |
| Source: | Code function: | 4_2_3A6648F7 | |
| Source: | Code function: | 4_2_3A660DF0 | |
| Source: | Code function: | 4_2_3A6687F0 | |
| Source: | Code function: | 4_2_3A66DDF0 | |
| Source: | Code function: | 4_2_3A6616FF | |
| Source: | Code function: | 4_2_3A669AFF | |
| Source: | Code function: | 4_2_3A666FFB | |
| Source: | Code function: | 4_2_3A661FF8 | |
| Source: | Code function: | 4_2_3A66B2F8 | |
| Source: | Code function: | 4_2_3A665FC7 | |
| Source: | Code function: | 4_2_3A66B7C0 | |
| Source: | Code function: | 4_2_3A6604C0 | |
| Source: | Code function: | 4_2_3A6636C8 | |
| Source: | Code function: | 4_2_3A66E2C8 | |
| Source: | Code function: | 4_2_3A669FC8 | |
| Source: | Code function: | 4_2_3A66F5D7 | |
| Source: | Code function: | 4_2_3A6604D0 | |
| Source: | Code function: | 4_2_3A6674D0 | |
| Source: | Code function: | 4_2_3A66CAD1 | |
| Source: | Code function: | 4_2_3A663FD8 | |
| Source: | Code function: | 4_2_3A66CFA7 | |
| Source: | Code function: | 4_2_3A661BA0 | |
| Source: | Code function: | 4_2_3A66A4A0 | |
| Source: | Code function: | 4_2_3A66FAA0 | |
| Source: | Code function: | 4_2_3A66B7AF | |
| Source: | Code function: | 4_2_3A662DA8 | |
| Source: | Code function: | 4_2_3A66CFA8 | |
| Source: | Code function: | 4_2_3A6656A8 | |
| Source: | Code function: | 4_2_3A668CA9 | |
| Source: | Code function: | 4_2_3A66FAB0 | |
| Source: | Code function: | 4_2_3A6674BF | |
| Source: | Code function: | 4_2_3A6656B8 | |
| Source: | Code function: | 4_2_3A668CB8 | |
| Source: | Code function: | 4_2_3A66E2B8 | |
| Source: | Code function: | 4_2_3A661280 | |
| Source: | Code function: | 4_2_3A669180 | |
| Source: | Code function: | 4_2_3A66A48F | |
| Source: | Code function: | 4_2_3A662488 | |
| Source: | Code function: | 4_2_3A66BC88 | |
| Source: | Code function: | 4_2_3A667988 | |
| Source: | Code function: | 4_2_3A664D89 | |
| Source: | Code function: | 4_2_3A66E790 | |
| Source: | Code function: | 4_2_3A661B91 | |
| Source: | Code function: | 4_2_3A662D9C | |
| Source: | Code function: | 4_2_3A664D98 | |
| Source: | Code function: | 4_2_3A667998 | |
| Source: | Code function: | 4_2_3A6870C0 | |
| Source: | Code function: | 4_2_3A68D710 | |
| Source: | Code function: | 4_2_3A684E60 | |
| Source: | Code function: | 4_2_3A681C60 | |
| Source: | Code function: | 4_2_3A686A70 | |
| Source: | Code function: | 4_2_3A68EE48 | |
| Source: | Code function: | 4_2_3A686440 | |
| Source: | Code function: | 4_2_3A683240 | |
| Source: | Code function: | 4_2_3A680040 | |
| Source: | Code function: | 4_2_3A684820 | |
| Source: | Code function: | 4_2_3A681620 | |
| Source: | Code function: | 4_2_3A685E00 | |
| Source: | Code function: | 4_2_3A682C00 | |
| Source: | Code function: | 4_2_3A685AE0 | |
| Source: | Code function: | 4_2_3A6828E0 | |
| Source: | Code function: | 4_2_3A683EC0 | |
| Source: | Code function: | 4_2_3A680CC0 | |
| Source: | Code function: | 4_2_3A6854A0 | |
| Source: | Code function: | 4_2_3A6822A0 | |
| Source: | Code function: | 4_2_3A683880 | |
| Source: | Code function: | 4_2_3A680680 | |
| Source: | Code function: | 4_2_3A686A80 | |
| Source: | Code function: | 4_2_3A686760 | |
| Source: | Code function: | 4_2_3A683560 | |
| Source: | Code function: | 4_2_3A680360 | |
| Source: | Code function: | 4_2_3A684B40 | |
| Source: | Code function: | 4_2_3A681940 | |
| Source: | Code function: | 4_2_3A686750 | |
| Source: | Code function: | 4_2_3A686120 | |
| Source: | Code function: | 4_2_3A682F20 | |
| Source: | Code function: | 4_2_3A684500 | |
| Source: | Code function: | 4_2_3A681300 | |
| Source: | Code function: | 4_2_3A6841E0 | |
| Source: | Code function: | 4_2_3A680FE0 | |
| Source: | Code function: | 4_2_3A6857C0 | |
| Source: | Code function: | 4_2_3A6825C0 | |
| Source: | Code function: | 4_2_3A680FD0 | |
| Source: | Code function: | 4_2_3A686DA0 | |
| Source: | Code function: | 4_2_3A683BA0 | |
| Source: | Code function: | 4_2_3A6809A0 | |
| Source: | Code function: | 4_2_3A685180 | |
| Source: | Code function: | 4_2_3A681F80 | |
| Source: | Code function: | 4_2_3A698470 | |
| Source: | Code function: | 4_2_3A691CF0 | |
| Source: | Code function: | 4_2_3A69FB30 | |
| Source: | Code function: | 4_2_3A69E870 | |
| Source: | Code function: | 4_2_3A69B670 | |
| Source: | Code function: | 4_2_3A690040 | |
| Source: | Code function: | 4_2_3A699A50 | |
| Source: | Code function: | 4_2_3A69CC50 | |
| Source: | Code function: | 4_2_3A691828 | |
| Source: | Code function: | 4_2_3A69B030 | |
| Source: | Code function: | 4_2_3A69E230 | |
| Source: | Code function: | 4_2_3A690006 | |
| Source: | Code function: | 4_2_3A69C610 | |
| Source: | Code function: | 4_2_3A699410 | |
| Source: | Code function: | 4_2_3A69F810 | |
| Source: | Code function: | 4_2_3A691817 | |
| Source: | Code function: | 4_2_3A691CE0 | |
| Source: | Code function: | 4_2_3A6904F9 | |
| Source: | Code function: | 4_2_3A69F4F0 | |
| Source: | Code function: | 4_2_3A6990F0 | |
| Source: | Code function: | 4_2_3A69C2F0 | |
| Source: | Code function: | 4_2_3A69D8D0 | |
| Source: | Code function: | 4_2_3A69A6D0 | |
| Source: | Code function: | 4_2_3A69BCB0 | |
| Source: | Code function: | 4_2_3A698AB0 | |
| Source: | Code function: | 4_2_3A69EEB0 | |
| Source: | Code function: | 4_2_3A690E8A | |
| Source: | Code function: | 4_2_3A690E98 | |
| Source: | Code function: | 4_2_3A69A090 | |
| Source: | Code function: | 4_2_3A69D290 | |
| Source: | Code function: | 4_2_3A691360 | |
| Source: | Code function: | 4_2_3A693360 | |
| Source: | Code function: | 4_2_3A699D70 | |
| Source: | Code function: | 4_2_3A69CF70 | |
| Source: | Code function: | 4_2_3A691351 | |
| Source: | Code function: | 4_2_3A69E550 | |
| Source: | Code function: | 4_2_3A69B350 | |
| Source: | Code function: | 4_2_3A69C930 | |
| Source: | Code function: | 4_2_3A699730 | |
| Source: | Code function: | 4_2_3A690508 | |
| Source: | Code function: | 4_2_3A69AD10 | |
| Source: | Code function: | 4_2_3A69DF10 | |
| Source: | Code function: | 4_2_3A69DBF0 | |
| Source: | Code function: | 4_2_3A69A9F0 | |
| Source: | Code function: | 4_2_3A69F1D0 | |
| Source: | Code function: | 4_2_3A6909D0 | |
| Source: | Code function: | 4_2_3A698DD0 | |
| Source: | Code function: | 4_2_3A69BFD0 | |
| Source: | Code function: | 4_2_3A6909BF | |
| Source: | Code function: | 4_2_3A69D5B0 | |
| Source: | Code function: | 4_2_3A69A3B0 | |
| Source: | Code function: | 4_2_3A69B990 | |
| Source: | Code function: | 4_2_3A698790 | |
| Source: | Code function: | 4_2_3A69EB90 | |
| Source: | Code function: | 4_2_3A811B50 | |
| Source: | Code function: | 4_2_3A813008 | |
| Source: | Code function: | 4_2_3A8136F0 | |
| Source: | Code function: | 4_2_3A811470 | |
| Source: | Code function: | 4_2_3A812920 | |
| Source: | Code function: | 4_2_3A810D88 | |
| Source: | Code function: | 4_2_3A812238 | |
| Source: | Code function: | 4_2_3A811B3F | |
| Source: | Code function: | 4_2_3A8136E1 | |
| Source: | Code function: | 4_2_3A811460 | |
| Source: | Code function: | 4_2_3A810A10 | |
| Source: | Code function: | 4_2_3A8108DE | |
| Source: | Code function: | 4_2_3A812911 | |
| Source: | Code function: | 4_2_3A810960 | |
| Source: | Code function: | 4_2_3A812FFA | |
| Source: | Code function: | 4_2_3A810D7A | |
| Source: | Code function: | 4_2_3A812229 | |
| Source: | Code function: | 4_2_3A810007 | |
| Source: | Code function: | 4_2_3A810040 | |
| Source: | Code function: | 4_2_3A9038D0 | |
| Source: | Code function: | 4_2_3A901A20 | |
| Source: | Code function: | 4_2_3A909130 | |
| Source: | Code function: | 4_2_3A902638 | |
| Source: | Code function: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Static PE information: | ||
| Source: | Classification label: | ||
| Source: | Code function: | 0_2_0040327D | |
| Source: | Code function: | 4_2_004032B2 | |
| Source: | Code function: | 0_2_0040458C | |
| Source: | Code function: | 0_2_00402095 | |
| Source: | File created: | Jump to behavior | ||
| Source: | Mutant created: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | ReversingLabs: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Static file information: | ||
| Source: | Static PE information: | ||
Data Obfuscation | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | Code function: | 0_2_10001B18 | |
| Source: | Code function: | 0_2_10002E0E | |
| Source: | Code function: | 4_2_000D9D55 | |
| Source: | Code function: | 4_2_000D4912 | |
| Source: | Code function: | 4_2_000D4912 | |
| Source: | Code function: | 4_2_000D4922 | |
| Source: | Code function: | 4_2_000D4962 | |
| Source: | Code function: | 4_2_000D4972 | |
| Source: | Code function: | 4_2_000D4982 | |
| Source: | Code function: | 4_2_000D4992 | |
| Source: | Code function: | 4_2_000D4962 | |
| Source: | Code function: | 4_2_39DB4FA5 | |
| Source: | Code function: | 4_2_39DBC6A5 | |
| Source: | Code function: | 4_2_3A9036A7 | |
| Source: | File created: | Jump to dropped file | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion | |
|---|
| Source: | API/Special instruction interceptor: | ||
| Source: | API/Special instruction interceptor: | ||
| Source: | RDTSC instruction interceptor: | ||
| Source: | RDTSC instruction interceptor: | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | API coverage: | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep count: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep count: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Code function: | 0_2_00406370 | |
| Source: | Code function: | 0_2_0040581E | |
| Source: | Code function: | 0_2_004027FB | |
| Source: | Code function: | 4_2_00406370 | |
| Source: | Code function: | 4_2_0040581E | |
| Source: | Code function: | 4_2_004027FB | |
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | API call chain: | graph_0-4592 | ||
| Source: | API call chain: | graph_0-4595 | ||
| Source: | Code function: | 0_2_10001B18 | |
| Source: | Process token adjusted: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Code function: | 0_2_0040604F | |
| Source: | Key value queried: | Jump to behavior | ||
Stealing of Sensitive Information | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | File source: | ||
Remote Access Functionality | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Access Token Manipulation | 1 Masquerading | 1 OS Credential Dumping | 21 Security Software Discovery | Remote Services | 1 Email Collection | 1 Web Service | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 11 Process Injection | 1 Disable or Modify Tools | LSASS Memory | 31 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Archive Collected Data | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 31 Virtualization/Sandbox Evasion | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | 1 Data from Local System | 3 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Access Token Manipulation | NTDS | 1 System Network Configuration Discovery | Distributed Component Object Model | 1 Clipboard Data | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 11 Process Injection | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | 14 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Deobfuscate/Decode Files or Information | Cached Domain Credentials | 215 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 3 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 53% | ReversingLabs | Win32.Spyware.Snakekeylogger | ||
| 100% | Joe Sandbox ML |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | ReversingLabs |
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| drive.google.com | 142.250.185.206 | true | false | unknown | |
| drive.usercontent.google.com | 216.58.206.65 | true | false | unknown | |
| reallyfreegeoip.org | 188.114.96.3 | true | true | unknown | |
| api.telegram.org | 149.154.167.220 | true | true | unknown | |
| checkip.dyndns.com | 132.226.8.169 | true | false | unknown | |
| checkip.dyndns.org | unknown | unknown | true | unknown |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| false | unknown | ||
| false |
| unknown | |
| false | unknown |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false | unknown | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false | unknown | |||
| false | unknown | |||
| false | unknown | |||
| false | unknown | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false | unknown | |||
| false |
| unknown | ||
| false | unknown | |||
| false | unknown | |||
| false | unknown | |||
| false |
| unknown | ||
| false | unknown | |||
| false | unknown | |||
| false | unknown | |||
| false |
| unknown | ||
| false | unknown | |||
| false | unknown | |||
| false | unknown | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false | unknown | |||
| false |
| unknown | ||
| false | unknown | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false | unknown | |||
| false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 132.226.8.169 | checkip.dyndns.com | United States | 16989 | UTMEMUS | false | |
| 149.154.167.220 | api.telegram.org | United Kingdom | 62041 | TELEGRAMRU | true | |
| 142.250.185.206 | drive.google.com | United States | 15169 | GOOGLEUS | false | |
| 188.114.96.3 | reallyfreegeoip.org | European Union | 13335 | CLOUDFLARENETUS | true | |
| 216.58.206.65 | drive.usercontent.google.com | United States | 15169 | GOOGLEUS | false |
| Joe Sandbox version: | 41.0.0 Charoite |
| Analysis ID: | 1537095 |
| Start date and time: | 2024-10-18 15:03:04 +02:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 7m 14s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 5 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | Wuerth_factura_4052073226..exe |
| Detection: | MAL |
| Classification: | mal100.troj.spyw.evad.winEXE@3/6@5/5 |
| EGA Information: |
|
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Report size exceeded maximum capacity and may have missing disassembly code.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- VT rate limit hit for: Wuerth_factura_4052073226..exe
| Time | Type | Description |
|---|---|---|
| 09:05:09 | API Interceptor |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 132.226.8.169 | Get hash | malicious | Snake Keylogger, XRed | Browse |
| |
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| 149.154.167.220 | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | ||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
| Get hash | malicious | GuLoader, Snake Keylogger | Browse | |||
| Get hash | malicious | GuLoader, Snake Keylogger | Browse | |||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
| Get hash | malicious | GuLoader, Snake Keylogger | Browse | |||
| 188.114.96.3 | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse |
| ||
| Get hash | malicious | FormBook | Browse |
| ||
| Get hash | malicious | EvilProxy, Fake Captcha, HTMLPhisher | Browse |
| ||
| Get hash | malicious | FormBook, GuLoader | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Lokibot | Browse |
| ||
| Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse |
| ||
| Get hash | malicious | FormBook | Browse |
| ||
| Get hash | malicious | FormBook | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| reallyfreegeoip.org | Get hash | malicious | Snake Keylogger | Browse |
| |
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, XRed | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| api.telegram.org | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
| checkip.dyndns.com | Get hash | malicious | Snake Keylogger | Browse |
| |
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, XRed | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| TELEGRAMRU | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
| UTMEMUS | Get hash | malicious | Snake Keylogger, XRed | Browse |
| |
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | Cobalt Strike, Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| CLOUDFLARENETUS | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | Python Stealer, CStealer | Browse |
| ||
| Get hash | malicious | Exela Stealer, Python Stealer | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 54328bd36c14bd82ddaa0c04b25ed9ad | Get hash | malicious | Snake Keylogger | Browse |
| |
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, XRed | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| 3b5074b1b5d032e5620f69f9f700ff0e | Get hash | malicious | HTMLPhisher, Mamba2FA | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | FormBook | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Snake Keylogger, XRed | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| 37f463bf4616ecd445d4a1937da06e19 | Get hash | malicious | Matanbuchus | Browse |
| |
| Get hash | malicious | Matanbuchus | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | Snake Keylogger, XRed | Browse |
| ||
| Get hash | malicious | AgentTesla, GuLoader | Browse |
| ||
| Get hash | malicious | Remcos, GuLoader | Browse |
| ||
| Get hash | malicious | GuLoader | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| C:\Users\user\AppData\Local\Temp\nsf6188.tmp\System.dll | Get hash | malicious | GuLoader | Browse | ||
| Get hash | malicious | GuLoader | Browse | |||
| Get hash | malicious | FormBook, GuLoader | Browse | |||
| Get hash | malicious | GuLoader | Browse | |||
| Get hash | malicious | FormBook, GuLoader | Browse | |||
| Get hash | malicious | GuLoader | Browse | |||
| Get hash | malicious | GuLoader, Remcos | Browse | |||
| Get hash | malicious | GuLoader | Browse | |||
| Get hash | malicious | FormBook, GuLoader | Browse | |||
| Get hash | malicious | GuLoader | Browse |
| Process: | C:\Users\user\Desktop\Wuerth_factura_4052073226..exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 11776 |
| Entropy (8bit): | 5.656060535507129 |
| Encrypted: | false |
| SSDEEP: | 192:eS24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35OloSl:S8QIl975eXqlWBrz7YLOlo |
| MD5: | FC3772787EB239EF4D0399680DCC4343 |
| SHA1: | DB2FA99EC967178CD8057A14A428A8439A961A73 |
| SHA-256: | 9B93C61C9D63EF8EC80892CC0E4A0877966DCA9B0C3EB85555CEBD2DDF4D6EED |
| SHA-512: | 79E491CA4591A5DA70116114B7FBB66EE15A0532386035E980C9DFE7AFB59B1F9D9C758891E25BFB45C36B07AFD3E171BAC37A86C887387EF0E80B1EAF296C89 |
| Malicious: | false |
| Antivirus: |
|
| Joe Sandbox View: |
|
| Reputation: | moderate, very likely benign file |
| Preview: |
| Process: | C:\Users\user\Desktop\Wuerth_factura_4052073226..exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 207620 |
| Entropy (8bit): | 4.946632445187375 |
| Encrypted: | false |
| SSDEEP: | 3072:CTGpbg/BmM1QgPeK2wpHAwq1BRL8vFOSmdsWtW39LzvSA2Lp/WwcjunAjXod:CTCgEM1YwZAwqT18vseVh2LZXcjuATod |
| MD5: | 7B16E53394F4F4FFD0E7C35379A2293E |
| SHA1: | 29FE76B48F47EE6530307BE96E90948ADF7CF76E |
| SHA-256: | 792F317BC4AF8FB6D76C7BC475FD8E1929F9D8B165593773581BE266A51944DB |
| SHA-512: | 72529E6CF043721B7C91E85A1D74B8AE833F90B4CCFDB781B87D6208C2DE315633F94693A601AEFE130182D4A3964961D4C0597EB575A04C7D293E1CF3C87285 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Users\user\Desktop\Wuerth_factura_4052073226..exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 437 |
| Entropy (8bit): | 4.221933740198475 |
| Encrypted: | false |
| SSDEEP: | 12:/E5Xf7HmFD+SrvBEXBlO281OKdjZ7BUxptJ:/EdfzMZvBEXHLQdjZ7BUxp7 |
| MD5: | D66DB73C5F70ECF9E205628181597125 |
| SHA1: | 113334F1957B7257E1E13F193CF6B8CBBD86528E |
| SHA-256: | A67ABB08865A81C6DF7F7F8368C51C3E67D1C2BC5C9DE1BC547681E3BAA4B417 |
| SHA-512: | 0E1DF58D9137CE5D3BAFAA3C45A2674EC475878155CC1E434C50652597EFE01E6814F8CF9FA3688B36C538B4B447050DBA06276C977AEBB8C4FFD92B232B91CA |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Users\user\Desktop\Wuerth_factura_4052073226..exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 267001 |
| Entropy (8bit): | 7.696642947433689 |
| Encrypted: | false |
| SSDEEP: | 6144:PCknF5TU1Y+SBnlxsM4/SkyD3HJTan9xBTcrfE8:VFpUG+SBnlAqka8U/ |
| MD5: | 9D64D16EE047BFAC69F3B2FACE04A73B |
| SHA1: | 273A1C62B1A1C0AC3E91F28D7BE0D1C43378B132 |
| SHA-256: | BC409E1EDE84E5868C06A2B73E3ECE79FBF72E61E004CD84A598D20D0A6DE432 |
| SHA-512: | 0994EADBE24EAC5660D478D50445DE0A5867C98962C16E7B248DA41A63F79ED0C7F36FB5358668AD0F37B90B499890DEAF7CA3E339EDD057CA5C6E4C996E7EAD |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Users\user\Desktop\Wuerth_factura_4052073226..exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 305019 |
| Entropy (8bit): | 4.949781373730556 |
| Encrypted: | false |
| SSDEEP: | 6144:eFJ4awIARNAzNCi1dhbiuMhsnxpWl6nhf31Sx4Kq:24Cs8NJpWl6FR |
| MD5: | 58126CECCD4050BCE5859F67637DE1EE |
| SHA1: | A130A906A246F985EA0BE292121D15C4648CDCFD |
| SHA-256: | 670B812EAAE8E8B967956CE5ADE35427586B14360387B38431CDCC34127AF394 |
| SHA-512: | 4AD589D8804DB4D645AA9B3C010F357B76964ED5F76BCEE3029E9BE09BE6DA2C73A07B5F87B26A1D7061D02F0AF0593CDCAAB3129BF9B336E8DB38DF55BB2E96 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Users\user\Desktop\Wuerth_factura_4052073226..exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 458888 |
| Entropy (8bit): | 4.944223839948125 |
| Encrypted: | false |
| SSDEEP: | 12288:NrD+aAiLaNSLFBa9eBrl9CLb++kCxHw7u:NmadZBcCliDxb |
| MD5: | CD2DF99412676A25675042D7DCB85703 |
| SHA1: | D46F497C4784B4F7CB53221943ADE9EBA9517191 |
| SHA-256: | E20FFB018B127D728280C6CA25C03A6899283A1FE0851756BB5F41B65C63753F |
| SHA-512: | 3D0139C9440CD8384C512EB7C0F59F22B002A6AB73B600E8738A17FAEF173D9AA23FE47E5C017299974E7739081686636BD307747A601CB1341A73EF7AFB43F8 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.916752883833035 |
| TrID: |
|
| File name: | Wuerth_factura_4052073226..exe |
| File size: | 1'085'283 bytes |
| MD5: | 787041cd8d6cd5e63534d1b060889a76 |
| SHA1: | 82da83771130fbe29d2443635757c3cf5c3949c6 |
| SHA256: | 4447fbf1066bc4f640abff84fcac04d0c86664f9823410348a36c280ac80e26d |
| SHA512: | 76c61133334a5c0658a166bf2cbe4d737eb24bd17089622e5ee083b730a7f06d40d4346957890268a94cc7daf7eafe3da3918e4adadf710faca9a7ead36f4330 |
| SSDEEP: | 24576:4l4OsRyZEyJ2zgsJVXRMpYHpiLNutFYTYdk6Tc3:m4O/qyEcwKpDE+YdVTc3 |
| TLSH: | D7351262F618AD80F021B1BA03735AD4D9D88C625667C13DE56B7B7747FA3421A0F33A |
| File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........!@G.@...@...@../Oq..@...@/.J@../Os..@...c...@..+F(..@..Rich.@..........PE..L....{.W.................b....:.....}2............@ |
 | |
| Icon Hash: | 4555617171ce332b |
| Entrypoint: | 0x40327d |
| Entrypoint Section: | .text |
| Digitally signed: | false |
| Imagebase: | 0x400000 |
| Subsystem: | windows gui |
| Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
| DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
| Time Stamp: | 0x57807BBD [Sat Jul 9 04:21:17 2016 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 4 |
| OS Version Minor: | 0 |
| File Version Major: | 4 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 4 |
| Subsystem Version Minor: | 0 |
| Import Hash: | e2a592076b17ef8bfb48b7e03965a3fc |
| Instruction |
|---|
| sub esp, 000002D4h |
| push ebx |
| push esi |
| push edi |
| push 00000020h |
| pop edi |
| xor ebx, ebx |
| push 00008001h |
| mov dword ptr [esp+14h], ebx |
| mov dword ptr [esp+10h], 0040A2E0h |
| mov dword ptr [esp+1Ch], ebx |
| call dword ptr [004080B0h] |
| call dword ptr [004080ACh] |
| cmp ax, 00000006h |
| je 00007F13D4C7F393h |
| push ebx |
| call 00007F13D4C824D4h |
| cmp eax, ebx |
| je 00007F13D4C7F389h |
| push 00000C00h |
| call eax |
| mov esi, 004082B8h |
| push esi |
| call 00007F13D4C8244Eh |
| push esi |
| call dword ptr [0040815Ch] |
| lea esi, dword ptr [esi+eax+01h] |
| cmp byte ptr [esi], 00000000h |
| jne 00007F13D4C7F36Ch |
| push ebp |
| push 00000009h |
| call 00007F13D4C824A6h |
| push 00000007h |
| call 00007F13D4C8249Fh |
| mov dword ptr [007A8A24h], eax |
| call dword ptr [0040803Ch] |
| push ebx |
| call dword ptr [004082A4h] |
| mov dword ptr [007A8AD8h], eax |
| push ebx |
| lea eax, dword ptr [esp+34h] |
| push 000002B4h |
| push eax |
| push ebx |
| push 0079FEE0h |
| call dword ptr [00408188h] |
| push 0040A2C8h |
| push 007A7A20h |
| call 00007F13D4C82088h |
| call dword ptr [004080A8h] |
| mov ebp, 007B3000h |
| push eax |
| push ebp |
| call 00007F13D4C82076h |
| push ebx |
| call dword ptr [00408174h] |
| add word ptr [eax], 0000h |
| Programming Language: |
|
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8504 | 0xa0 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x3cd000 | 0x19010 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b4 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x6154 | 0x6200 | bde81925c04b8b13a9c5dc11c6cbba5f | False | 0.6732700892857143 | data | 6.479248571798096 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x8000 | 0x13a4 | 0x1400 | 2fd23f25ba6d052f3a4f032544496f73 | False | 0.453125 | data | 5.162313935974215 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0xa000 | 0x39eb18 | 0x600 | 769652d049c5b87df2f7a3908b2269c6 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .ndata | 0x3a9000 | 0x24000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x3cd000 | 0x19010 | 0x19200 | bec5dd8ce2a7b3e58db83d1f7c570ee8 | False | 0.2740108053482587 | data | 5.987224279680819 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0x3cd2f8 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | English | United States | 0.10978350881343901 |
| RT_ICON | 0x3ddb20 | 0x3826 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9819117851676639 |
| RT_ICON | 0x3e1348 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.23226141078838175 |
| RT_ICON | 0x3e38f0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.275328330206379 |
| RT_ICON | 0x3e4998 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States | 0.3704918032786885 |
| RT_ICON | 0x3e5320 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.4441489361702128 |
| RT_DIALOG | 0x3e5788 | 0x100 | data | English | United States | 0.5234375 |
| RT_DIALOG | 0x3e5888 | 0x11c | data | English | United States | 0.6056338028169014 |
| RT_DIALOG | 0x3e59a8 | 0xc4 | data | English | United States | 0.5918367346938775 |
| RT_DIALOG | 0x3e5a70 | 0x60 | data | English | United States | 0.7291666666666666 |
| RT_GROUP_ICON | 0x3e5ad0 | 0x5a | data | English | United States | 0.7888888888888889 |
| RT_VERSION | 0x3e5b30 | 0x1a0 | data | English | United States | 0.5673076923076923 |
| RT_MANIFEST | 0x3e5cd0 | 0x340 | XML 1.0 document, ASCII text, with very long lines (832), with no line terminators | English | United States | 0.5540865384615384 |
| DLL | Import |
|---|---|
| KERNEL32.dll | SetCurrentDirectoryW, GetFileAttributesW, GetFullPathNameW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, MoveFileW, SetFileAttributesW, GetCurrentProcess, ExitProcess, SetEnvironmentVariableW, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, GetVersion, SetErrorMode, lstrlenW, WaitForSingleObject, CopyFileW, CompareFileTime, GlobalLock, CreateThread, GetLastError, CreateDirectoryW, CreateProcessW, RemoveDirectoryW, lstrcmpiA, CreateFileW, GetTempFileNameW, WriteFile, lstrcpyA, lstrcpyW, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GlobalFree, GlobalAlloc, GetShortPathNameW, SearchPathW, lstrcmpiW, SetFileTime, CloseHandle, ExpandEnvironmentStringsW, lstrcmpW, GlobalUnlock, lstrcpynW, GetDiskFreeSpaceW, GetExitCodeProcess, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, MulDiv, MultiByteToWideChar, lstrlenA, WideCharToMultiByte, GetPrivateProfileStringW, WritePrivateProfileStringW, FreeLibrary, LoadLibraryExW, GetModuleHandleW |
| USER32.dll | GetSystemMenu, SetClassLongW, IsWindowEnabled, EnableMenuItem, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, wsprintfW, ScreenToClient, GetWindowRect, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, LoadImageW, SetTimer, SetWindowTextW, PostQuitMessage, ShowWindow, GetDlgItem, IsWindow, SetWindowLongW, FindWindowExW, TrackPopupMenu, AppendMenuW, CreatePopupMenu, DrawTextW, EndPaint, CreateDialogParamW, SendMessageTimeoutW, SetForegroundWindow |
| GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor |
| SHELL32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW |
| ADVAPI32.dll | RegDeleteKeyW, SetFileSecurityW, OpenProcessToken, LookupPrivilegeValueW, AdjustTokenPrivileges, RegOpenKeyExW, RegEnumValueW, RegDeleteValueW, RegCloseKey, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumKeyW |
| COMCTL32.dll | ImageList_AddMasked, ImageList_Destroy, ImageList_Create |
| ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance |
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | United States |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-10-18T15:05:08.522734+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49967 | 132.226.8.169 | 80 | TCP |
| 2024-10-18T15:05:10.100838+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49967 | 132.226.8.169 | 80 | TCP |
| 2024-10-18T15:05:10.826742+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 49981 | 188.114.96.3 | 443 | TCP |
| 2024-10-18T15:05:11.772839+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49982 | 132.226.8.169 | 80 | TCP |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Oct 18, 2024 15:04:58.177197933 CEST | 49927 | 443 | 192.168.2.5 | 142.250.185.206 |
| Oct 18, 2024 15:04:58.177253962 CEST | 443 | 49927 | 142.250.185.206 | 192.168.2.5 |
| Oct 18, 2024 15:04:58.177349091 CEST | 49927 | 443 | 192.168.2.5 | 142.250.185.206 |
| Oct 18, 2024 15:04:58.187114000 CEST | 49927 | 443 | 192.168.2.5 | 142.250.185.206 |
| Oct 18, 2024 15:04:58.187144995 CEST | 443 | 49927 | 142.250.185.206 | 192.168.2.5 |
| Oct 18, 2024 15:04:59.041354895 CEST | 443 | 49927 | 142.250.185.206 | 192.168.2.5 |
| Oct 18, 2024 15:04:59.041443110 CEST | 49927 | 443 | 192.168.2.5 | 142.250.185.206 |
| Oct 18, 2024 15:04:59.042007923 CEST | 443 | 49927 | 142.250.185.206 | 192.168.2.5 |
| Oct 18, 2024 15:04:59.042067051 CEST | 49927 | 443 | 192.168.2.5 | 142.250.185.206 |
| Oct 18, 2024 15:04:59.133265018 CEST | 49927 | 443 | 192.168.2.5 | 142.250.185.206 |
| Oct 18, 2024 15:04:59.133306980 CEST | 443 | 49927 | 142.250.185.206 | 192.168.2.5 |
| Oct 18, 2024 15:04:59.133586884 CEST | 443 | 49927 | 142.250.185.206 | 192.168.2.5 |
| Oct 18, 2024 15:04:59.133657932 CEST | 49927 | 443 | 192.168.2.5 | 142.250.185.206 |
| Oct 18, 2024 15:04:59.136466980 CEST | 49927 | 443 | 192.168.2.5 | 142.250.185.206 |
| Oct 18, 2024 15:04:59.179433107 CEST | 443 | 49927 | 142.250.185.206 | 192.168.2.5 |
| Oct 18, 2024 15:04:59.663057089 CEST | 443 | 49927 | 142.250.185.206 | 192.168.2.5 |
| Oct 18, 2024 15:04:59.663269043 CEST | 49927 | 443 | 192.168.2.5 | 142.250.185.206 |
| Oct 18, 2024 15:04:59.663532972 CEST | 49927 | 443 | 192.168.2.5 | 142.250.185.206 |
| Oct 18, 2024 15:04:59.663585901 CEST | 443 | 49927 | 142.250.185.206 | 192.168.2.5 |
| Oct 18, 2024 15:04:59.663650990 CEST | 49927 | 443 | 192.168.2.5 | 142.250.185.206 |
| Oct 18, 2024 15:04:59.684940100 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:04:59.685000896 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:04:59.685086966 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:04:59.685410023 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:04:59.685429096 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:00.555191994 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:00.555394888 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:00.632838011 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:00.632869959 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:00.633182049 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:00.633819103 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:00.671163082 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:00.715409040 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.354027987 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.354125023 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.363024950 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.363137960 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.474550009 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.474679947 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.474848032 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.474848032 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.474886894 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.474944115 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.475065947 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.475123882 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.475132942 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.475188971 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.479290962 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.479348898 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.479393959 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.479446888 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.487970114 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.488034964 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.488046885 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.488096952 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.496855974 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.496928930 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.496939898 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.496994972 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.505609989 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.505640984 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.505660057 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.505672932 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.505686998 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.505731106 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.514470100 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.514528036 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.514540911 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.514588118 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.523345947 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.523422003 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.523431063 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.523478985 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.532193899 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.532268047 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.532279015 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.532327890 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.595102072 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.595164061 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.595185041 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.595205069 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.595226049 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.595376968 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.595376968 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.595376968 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.595424891 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.595478058 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.595947981 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.596009016 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.596018076 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.596066952 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.596254110 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.596306086 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.596359968 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.596404076 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.596410990 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.596457005 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.596842051 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.596900940 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.599422932 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.599495888 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.599514961 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.599565983 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.605266094 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.605354071 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.605365992 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.605422020 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.610884905 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.610928059 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.610955954 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.610991001 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.611008883 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.611038923 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.616491079 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.616583109 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.616622925 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.616669893 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.622229099 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.622287035 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.622318029 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.622365952 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.627985001 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.628066063 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.630764008 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.630834103 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.630862951 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.630913973 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.636626959 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.636730909 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.636768103 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.636833906 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.642342091 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.642425060 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.642456055 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.642508984 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.648051023 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.648125887 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.648144007 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.648196936 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.653819084 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.653894901 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.653927088 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.653980970 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.659502029 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.659559011 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.659589052 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.659636974 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.665045023 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.665101051 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.665128946 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.665175915 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.670737028 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.670804977 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.670830011 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.670878887 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.676420927 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.676491976 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.715198994 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.715256929 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.715284109 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.715306044 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.715303898 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.715351105 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.715375900 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.715375900 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.715404034 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.715524912 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.715560913 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.715584993 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.715595007 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.715614080 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.715651989 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.716006994 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.716042995 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.716048956 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.716058016 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.716087103 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.716120005 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.716125965 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.716187000 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.716717005 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.716751099 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.716778994 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.716788054 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.716801882 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.716839075 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.719877005 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.719943047 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.719950914 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.719995022 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.725055933 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.725131989 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.725155115 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.725209951 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.728441000 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.728507042 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.728516102 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.728564024 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.731563091 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.731621027 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.731630087 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.731683969 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.734803915 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.734862089 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.735229015 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.735282898 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.738132000 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.738188028 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.738399029 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.738442898 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.741354942 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.741404057 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.741449118 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.741496086 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.744596004 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.744647980 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.744657040 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.744708061 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.747638941 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.747692108 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.747699022 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.747747898 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.750848055 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.750906944 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.750916004 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.750976086 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.753942966 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.754004955 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.754013062 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.754060984 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.759696007 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.759763002 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.759780884 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.759838104 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.760556936 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.760617018 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.760742903 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.760788918 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.763788939 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.763839960 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.763864994 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.763915062 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.765589952 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.765678883 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.765697956 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.765744925 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.768495083 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.768547058 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.768556118 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.768603086 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.771356106 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.771421909 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.771507025 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.771560907 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.774218082 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.774272919 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.774281979 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.774333954 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.777045012 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.777096987 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.777110100 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.777158976 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.779834986 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.779891968 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.779901028 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.779953003 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.782649040 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.782701015 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.782721043 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.782768965 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.785376072 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.785434961 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.785444975 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.785491943 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.788419008 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.788476944 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.788486958 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.788537979 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.790918112 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.790982962 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.790996075 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.791429043 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.793518066 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.793582916 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.793593884 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.793644905 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.796096087 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.796149015 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.796163082 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.796222925 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.798620939 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.798681021 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.798748970 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.798873901 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.801296949 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.801359892 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.801399946 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.801450014 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.804151058 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.804207087 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.804220915 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.804241896 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.804269075 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.804303885 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.806655884 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.806709051 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.806735992 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.806782007 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.809374094 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.809437990 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.809458971 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.809508085 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.811866045 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.811917067 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.835259914 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.835306883 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.835323095 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.835333109 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.835347891 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.835351944 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.835406065 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.835506916 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.835555077 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.835700035 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.835751057 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.835820913 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.835875034 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.835887909 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.835971117 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.836137056 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.836183071 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.836189985 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.836218119 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.836239100 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.836242914 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.836255074 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.836272955 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.836313963 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.836322069 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.836384058 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.837079048 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.837116957 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.837125063 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.837132931 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.837152958 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.837162018 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.837208986 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.837217093 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.837265015 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.837663889 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.837713957 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.837728977 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.837774038 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.838324070 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.838368893 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.838376045 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.838424921 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.840389967 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.840439081 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.840447903 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.840493917 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.842648029 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.842700958 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.842771053 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.842820883 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.845882893 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.845935106 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.845942974 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.845987082 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.846930027 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.846980095 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.846991062 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.847037077 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.849399090 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.849451065 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.849458933 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.849503994 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.850982904 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.851030111 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.851037979 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.851083994 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.852902889 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.852950096 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.852981091 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.853024960 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.855001926 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.855052948 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.855062008 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.855103970 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.856874943 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.856920004 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.856933117 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.856977940 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.859257936 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.859309912 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.859334946 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.859407902 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.860788107 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.860836983 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.860846996 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.860893011 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.863871098 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.863929033 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.863938093 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.863986969 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.864521980 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.864574909 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.864583015 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.864630938 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.866437912 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.868470907 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.868503094 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.868541956 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.868554115 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.868607044 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.868628979 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.870173931 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.872001886 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.872023106 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.872061968 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.872072935 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.872102976 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.872126102 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.890475035 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:03.890551090 CEST | 443 | 49937 | 216.58.206.65 | 192.168.2.5 |
| Oct 18, 2024 15:05:03.890638113 CEST | 49937 | 443 | 192.168.2.5 | 216.58.206.65 |
| Oct 18, 2024 15:05:05.141840935 CEST | 49967 | 80 | 192.168.2.5 | 132.226.8.169 |
| Oct 18, 2024 15:05:05.146728992 CEST | 80 | 49967 | 132.226.8.169 | 192.168.2.5 |
| Oct 18, 2024 15:05:05.146833897 CEST | 49967 | 80 | 192.168.2.5 | 132.226.8.169 |
| Oct 18, 2024 15:05:05.146992922 CEST | 49967 | 80 | 192.168.2.5 | 132.226.8.169 |
| Oct 18, 2024 15:05:05.151854992 CEST | 80 | 49967 | 132.226.8.169 | 192.168.2.5 |
| Oct 18, 2024 15:05:07.949105024 CEST | 80 | 49967 | 132.226.8.169 | 192.168.2.5 |
| Oct 18, 2024 15:05:07.954602957 CEST | 49967 | 80 | 192.168.2.5 | 132.226.8.169 |
| Oct 18, 2024 15:05:08.179124117 CEST | 49967 | 80 | 192.168.2.5 | 132.226.8.169 |
| Oct 18, 2024 15:05:08.185681105 CEST | 80 | 49967 | 132.226.8.169 | 192.168.2.5 |
| Oct 18, 2024 15:05:08.185844898 CEST | 49967 | 80 | 192.168.2.5 | 132.226.8.169 |
| Oct 18, 2024 15:05:08.192436934 CEST | 80 | 49967 | 132.226.8.169 | 192.168.2.5 |
| Oct 18, 2024 15:05:08.192711115 CEST | 80 | 49967 | 132.226.8.169 | 192.168.2.5 |
| Oct 18, 2024 15:05:08.471262932 CEST | 80 | 49967 | 132.226.8.169 | 192.168.2.5 |
| Oct 18, 2024 15:05:08.522733927 CEST | 49967 | 80 | 192.168.2.5 | 132.226.8.169 |
| Oct 18, 2024 15:05:08.903153896 CEST | 49980 | 443 | 192.168.2.5 | 188.114.96.3 |
| Oct 18, 2024 15:05:08.903187990 CEST | 443 | 49980 | 188.114.96.3 | 192.168.2.5 |
| Oct 18, 2024 15:05:08.903255939 CEST | 49980 | 443 | 192.168.2.5 | 188.114.96.3 |
| Oct 18, 2024 15:05:08.905642033 CEST | 49980 | 443 | 192.168.2.5 | 188.114.96.3 |
| Oct 18, 2024 15:05:08.905652046 CEST | 443 | 49980 | 188.114.96.3 | 192.168.2.5 |
| Oct 18, 2024 15:05:09.534589052 CEST | 443 | 49980 | 188.114.96.3 | 192.168.2.5 |
| Oct 18, 2024 15:05:09.534728050 CEST | 49980 | 443 | 192.168.2.5 | 188.114.96.3 |
| Oct 18, 2024 15:05:09.563643932 CEST | 49980 | 443 | 192.168.2.5 | 188.114.96.3 |
| Oct 18, 2024 15:05:09.563652039 CEST | 443 | 49980 | 188.114.96.3 | 192.168.2.5 |
| Oct 18, 2024 15:05:09.563925982 CEST | 443 | 49980 | 188.114.96.3 | 192.168.2.5 |
| Oct 18, 2024 15:05:09.568772078 CEST | 49980 | 443 | 192.168.2.5 | 188.114.96.3 |
| Oct 18, 2024 15:05:09.611440897 CEST | 443 | 49980 | 188.114.96.3 | 192.168.2.5 |
| Oct 18, 2024 15:05:09.706470013 CEST | 443 | 49980 | 188.114.96.3 | 192.168.2.5 |
| Oct 18, 2024 15:05:09.706543922 CEST | 443 | 49980 | 188.114.96.3 | 192.168.2.5 |
| Oct 18, 2024 15:05:09.706605911 CEST | 49980 | 443 | 192.168.2.5 | 188.114.96.3 |
| Oct 18, 2024 15:05:09.742670059 CEST | 49980 | 443 | 192.168.2.5 | 188.114.96.3 |
| Oct 18, 2024 15:05:09.776119947 CEST | 49967 | 80 | 192.168.2.5 | 132.226.8.169 |
| Oct 18, 2024 15:05:09.780962944 CEST | 80 | 49967 | 132.226.8.169 | 192.168.2.5 |
| Oct 18, 2024 15:05:10.058052063 CEST | 80 | 49967 | 132.226.8.169 | 192.168.2.5 |
| Oct 18, 2024 15:05:10.063079119 CEST | 49981 | 443 | 192.168.2.5 | 188.114.96.3 |
| Oct 18, 2024 15:05:10.063113928 CEST | 443 | 49981 | 188.114.96.3 | 192.168.2.5 |
| Oct 18, 2024 15:05:10.063178062 CEST | 49981 | 443 | 192.168.2.5 | 188.114.96.3 |
| Oct 18, 2024 15:05:10.063632965 CEST | 49981 | 443 | 192.168.2.5 | 188.114.96.3 |
| Oct 18, 2024 15:05:10.063646078 CEST | 443 | 49981 | 188.114.96.3 | 192.168.2.5 |
| Oct 18, 2024 15:05:10.100837946 CEST | 49967 | 80 | 192.168.2.5 | 132.226.8.169 |
| Oct 18, 2024 15:05:10.683737993 CEST | 443 | 49981 | 188.114.96.3 | 192.168.2.5 |
| Oct 18, 2024 15:05:10.686063051 CEST | 49981 | 443 | 192.168.2.5 | 188.114.96.3 |
| Oct 18, 2024 15:05:10.686078072 CEST | 443 | 49981 | 188.114.96.3 | 192.168.2.5 |
| Oct 18, 2024 15:05:10.826726913 CEST | 443 | 49981 | 188.114.96.3 | 192.168.2.5 |
| Oct 18, 2024 15:05:10.826833963 CEST | 443 | 49981 | 188.114.96.3 | 192.168.2.5 |
| Oct 18, 2024 15:05:10.827037096 CEST | 49981 | 443 | 192.168.2.5 | 188.114.96.3 |
| Oct 18, 2024 15:05:10.827438116 CEST | 49981 | 443 | 192.168.2.5 | 188.114.96.3 |
| Oct 18, 2024 15:05:10.830979109 CEST | 49967 | 80 | 192.168.2.5 | 132.226.8.169 |
| Oct 18, 2024 15:05:10.832349062 CEST | 49982 | 80 | 192.168.2.5 | 132.226.8.169 |
| Oct 18, 2024 15:05:10.836098909 CEST | 80 | 49967 | 132.226.8.169 | 192.168.2.5 |
| Oct 18, 2024 15:05:10.836179018 CEST | 49967 | 80 | 192.168.2.5 | 132.226.8.169 |
| Oct 18, 2024 15:05:10.837174892 CEST | 80 | 49982 | 132.226.8.169 | 192.168.2.5 |
| Oct 18, 2024 15:05:10.837258101 CEST | 49982 | 80 | 192.168.2.5 | 132.226.8.169 |
| Oct 18, 2024 15:05:10.837328911 CEST | 49982 | 80 | 192.168.2.5 | 132.226.8.169 |
| Oct 18, 2024 15:05:10.842561960 CEST | 80 | 49982 | 132.226.8.169 | 192.168.2.5 |
| Oct 18, 2024 15:05:11.723584890 CEST | 80 | 49982 | 132.226.8.169 | 192.168.2.5 |
| Oct 18, 2024 15:05:11.724955082 CEST | 49983 | 443 | 192.168.2.5 | 188.114.96.3 |
| Oct 18, 2024 15:05:11.725006104 CEST | 443 | 49983 | 188.114.96.3 | 192.168.2.5 |
| Oct 18, 2024 15:05:11.725095034 CEST | 49983 | 443 | 192.168.2.5 | 188.114.96.3 |
| Oct 18, 2024 15:05:11.725338936 CEST | 49983 | 443 | 192.168.2.5 | 188.114.96.3 |
| Oct 18, 2024 15:05:11.725356102 CEST | 443 | 49983 | 188.114.96.3 | 192.168.2.5 |
| Oct 18, 2024 15:05:11.772839069 CEST | 49982 | 80 | 192.168.2.5 | 132.226.8.169 |
| Oct 18, 2024 15:05:12.376636982 CEST | 443 | 49983 | 188.114.96.3 | 192.168.2.5 |
| Oct 18, 2024 15:05:12.407593012 CEST | 49983 | 443 | 192.168.2.5 | 188.114.96.3 |
| Oct 18, 2024 15:05:12.407634020 CEST | 443 | 49983 | 188.114.96.3 | 192.168.2.5 |
| Oct 18, 2024 15:05:12.545381069 CEST | 443 | 49983 | 188.114.96.3 | 192.168.2.5 |
| Oct 18, 2024 15:05:12.545479059 CEST | 443 | 49983 | 188.114.96.3 | 192.168.2.5 |
| Oct 18, 2024 15:05:12.545531034 CEST | 49983 | 443 | 192.168.2.5 | 188.114.96.3 |
| Oct 18, 2024 15:05:12.553098917 CEST | 49983 | 443 | 192.168.2.5 | 188.114.96.3 |
| Oct 18, 2024 15:05:12.602847099 CEST | 49984 | 80 | 192.168.2.5 | 132.226.8.169 |
| Oct 18, 2024 15:05:12.607820034 CEST | 80 | 49984 | 132.226.8.169 | 192.168.2.5 |
| Oct 18, 2024 15:05:12.607928991 CEST | 49984 | 80 | 192.168.2.5 | 132.226.8.169 |
| Oct 18, 2024 15:05:12.630386114 CEST | 49984 | 80 | 192.168.2.5 | 132.226.8.169 |
| Oct 18, 2024 15:05:12.635449886 CEST | 80 | 49984 | 132.226.8.169 | 192.168.2.5 |
| Oct 18, 2024 15:05:14.558490992 CEST | 80 | 49984 | 132.226.8.169 | 192.168.2.5 |
| Oct 18, 2024 15:05:14.560645103 CEST | 49985 | 443 | 192.168.2.5 | 188.114.96.3 |
| Oct 18, 2024 15:05:14.560669899 CEST | 443 | 49985 | 188.114.96.3 | 192.168.2.5 |
| Oct 18, 2024 15:05:14.560929060 CEST | 49985 | 443 | 192.168.2.5 | 188.114.96.3 |
| Oct 18, 2024 15:05:14.561171055 CEST | 49985 | 443 | 192.168.2.5 | 188.114.96.3 |
| Oct 18, 2024 15:05:14.561182022 CEST | 443 | 49985 | 188.114.96.3 | 192.168.2.5 |
| Oct 18, 2024 15:05:14.601061106 CEST | 49984 | 80 | 192.168.2.5 | 132.226.8.169 |
| Oct 18, 2024 15:05:15.168509960 CEST | 443 | 49985 | 188.114.96.3 | 192.168.2.5 |
| Oct 18, 2024 15:05:15.170898914 CEST | 49985 | 443 | 192.168.2.5 | 188.114.96.3 |
| Oct 18, 2024 15:05:15.170922995 CEST | 443 | 49985 | 188.114.96.3 | 192.168.2.5 |
| Oct 18, 2024 15:05:15.314496040 CEST | 443 | 49985 | 188.114.96.3 | 192.168.2.5 |
| Oct 18, 2024 15:05:15.314589024 CEST | 443 | 49985 | 188.114.96.3 | 192.168.2.5 |
| Oct 18, 2024 15:05:15.314646006 CEST | 49985 | 443 | 192.168.2.5 | 188.114.96.3 |
| Oct 18, 2024 15:05:15.315320015 CEST | 49985 | 443 | 192.168.2.5 | 188.114.96.3 |
| Oct 18, 2024 15:05:15.589782953 CEST | 49984 | 80 | 192.168.2.5 | 132.226.8.169 |
| Oct 18, 2024 15:05:15.590976954 CEST | 49986 | 80 | 192.168.2.5 | 132.226.8.169 |
| Oct 18, 2024 15:05:15.595141888 CEST | 80 | 49984 | 132.226.8.169 | 192.168.2.5 |
| Oct 18, 2024 15:05:15.595206976 CEST | 49984 | 80 | 192.168.2.5 | 132.226.8.169 |
| Oct 18, 2024 15:05:15.595802069 CEST | 80 | 49986 | 132.226.8.169 | 192.168.2.5 |
| Oct 18, 2024 15:05:15.595879078 CEST | 49986 | 80 | 192.168.2.5 | 132.226.8.169 |
| Oct 18, 2024 15:05:15.596071959 CEST | 49986 | 80 | 192.168.2.5 | 132.226.8.169 |
| Oct 18, 2024 15:05:15.600971937 CEST | 80 | 49986 | 132.226.8.169 | 192.168.2.5 |
| Oct 18, 2024 15:05:16.489902020 CEST | 80 | 49986 | 132.226.8.169 | 192.168.2.5 |
| Oct 18, 2024 15:05:16.491928101 CEST | 49987 | 443 | 192.168.2.5 | 188.114.96.3 |
| Oct 18, 2024 15:05:16.491964102 CEST | 443 | 49987 | 188.114.96.3 | 192.168.2.5 |
| Oct 18, 2024 15:05:16.492079020 CEST | 49987 | 443 | 192.168.2.5 | 188.114.96.3 |
| Oct 18, 2024 15:05:16.492404938 CEST | 49987 | 443 | 192.168.2.5 | 188.114.96.3 |
| Oct 18, 2024 15:05:16.492420912 CEST | 443 | 49987 | 188.114.96.3 | 192.168.2.5 |
| Oct 18, 2024 15:05:16.538335085 CEST | 49986 | 80 | 192.168.2.5 | 132.226.8.169 |
| Oct 18, 2024 15:05:17.424092054 CEST | 443 | 49987 | 188.114.96.3 | 192.168.2.5 |
| Oct 18, 2024 15:05:17.426304102 CEST | 49987 | 443 | 192.168.2.5 | 188.114.96.3 |
| Oct 18, 2024 15:05:17.426323891 CEST | 443 | 49987 | 188.114.96.3 | 192.168.2.5 |
| Oct 18, 2024 15:05:17.798333883 CEST | 443 | 49987 | 188.114.96.3 | 192.168.2.5 |
| Oct 18, 2024 15:05:17.798566103 CEST | 443 | 49987 | 188.114.96.3 | 192.168.2.5 |
| Oct 18, 2024 15:05:17.798631907 CEST | 49987 | 443 | 192.168.2.5 | 188.114.96.3 |
| Oct 18, 2024 15:05:17.799014091 CEST | 49987 | 443 | 192.168.2.5 | 188.114.96.3 |
| Oct 18, 2024 15:05:17.810347080 CEST | 49986 | 80 | 192.168.2.5 | 132.226.8.169 |
| Oct 18, 2024 15:05:17.814100027 CEST | 49988 | 80 | 192.168.2.5 | 132.226.8.169 |
| Oct 18, 2024 15:05:17.822716951 CEST | 80 | 49986 | 132.226.8.169 | 192.168.2.5 |
| Oct 18, 2024 15:05:17.822776079 CEST | 49986 | 80 | 192.168.2.5 | 132.226.8.169 |
| Oct 18, 2024 15:05:17.823474884 CEST | 80 | 49988 | 132.226.8.169 | 192.168.2.5 |
| Oct 18, 2024 15:05:17.823544979 CEST | 49988 | 80 | 192.168.2.5 | 132.226.8.169 |
| Oct 18, 2024 15:05:17.823663950 CEST | 49988 | 80 | 192.168.2.5 | 132.226.8.169 |
| Oct 18, 2024 15:05:17.828823090 CEST | 80 | 49988 | 132.226.8.169 | 192.168.2.5 |
| Oct 18, 2024 15:05:19.962743998 CEST | 80 | 49988 | 132.226.8.169 | 192.168.2.5 |
| Oct 18, 2024 15:05:19.964509964 CEST | 49989 | 443 | 192.168.2.5 | 188.114.96.3 |
| Oct 18, 2024 15:05:19.964541912 CEST | 443 | 49989 | 188.114.96.3 | 192.168.2.5 |
| Oct 18, 2024 15:05:19.964662075 CEST | 49989 | 443 | 192.168.2.5 | 188.114.96.3 |
| Oct 18, 2024 15:05:19.964984894 CEST | 49989 | 443 | 192.168.2.5 | 188.114.96.3 |
| Oct 18, 2024 15:05:19.964998007 CEST | 443 | 49989 | 188.114.96.3 | 192.168.2.5 |
| Oct 18, 2024 15:05:20.007088900 CEST | 49988 | 80 | 192.168.2.5 | 132.226.8.169 |
| Oct 18, 2024 15:05:20.779366970 CEST | 443 | 49989 | 188.114.96.3 | 192.168.2.5 |
| Oct 18, 2024 15:05:20.781410933 CEST | 49989 | 443 | 192.168.2.5 | 188.114.96.3 |
| Oct 18, 2024 15:05:20.781431913 CEST | 443 | 49989 | 188.114.96.3 | 192.168.2.5 |
| Oct 18, 2024 15:05:20.958817005 CEST | 443 | 49989 | 188.114.96.3 | 192.168.2.5 |
| Oct 18, 2024 15:05:20.959100008 CEST | 443 | 49989 | 188.114.96.3 | 192.168.2.5 |
| Oct 18, 2024 15:05:20.959197998 CEST | 49989 | 443 | 192.168.2.5 | 188.114.96.3 |
| Oct 18, 2024 15:05:20.959881067 CEST | 49989 | 443 | 192.168.2.5 | 188.114.96.3 |
| Oct 18, 2024 15:05:20.964402914 CEST | 49988 | 80 | 192.168.2.5 | 132.226.8.169 |
| Oct 18, 2024 15:05:20.965045929 CEST | 49990 | 80 | 192.168.2.5 | 132.226.8.169 |
| Oct 18, 2024 15:05:20.973822117 CEST | 80 | 49988 | 132.226.8.169 | 192.168.2.5 |
| Oct 18, 2024 15:05:20.973840952 CEST | 80 | 49990 | 132.226.8.169 | 192.168.2.5 |
| Oct 18, 2024 15:05:20.973891973 CEST | 49988 | 80 | 192.168.2.5 | 132.226.8.169 |
| Oct 18, 2024 15:05:20.973942041 CEST | 49990 | 80 | 192.168.2.5 | 132.226.8.169 |
| Oct 18, 2024 15:05:20.974062920 CEST | 49990 | 80 | 192.168.2.5 | 132.226.8.169 |
| Oct 18, 2024 15:05:20.983479023 CEST | 80 | 49990 | 132.226.8.169 | 192.168.2.5 |
| Oct 18, 2024 15:05:21.974281073 CEST | 80 | 49990 | 132.226.8.169 | 192.168.2.5 |
| Oct 18, 2024 15:05:21.975977898 CEST | 49991 | 443 | 192.168.2.5 | 188.114.96.3 |
| Oct 18, 2024 15:05:21.976023912 CEST | 443 | 49991 | 188.114.96.3 | 192.168.2.5 |
| Oct 18, 2024 15:05:21.976094961 CEST | 49991 | 443 | 192.168.2.5 | 188.114.96.3 |
| Oct 18, 2024 15:05:21.976406097 CEST | 49991 | 443 | 192.168.2.5 | 188.114.96.3 |
| Oct 18, 2024 15:05:21.976427078 CEST | 443 | 49991 | 188.114.96.3 | 192.168.2.5 |
| Oct 18, 2024 15:05:22.022713900 CEST | 49990 | 80 | 192.168.2.5 | 132.226.8.169 |
| Oct 18, 2024 15:05:22.684431076 CEST | 443 | 49991 | 188.114.96.3 | 192.168.2.5 |
| Oct 18, 2024 15:05:22.686260939 CEST | 49991 | 443 | 192.168.2.5 | 188.114.96.3 |
| Oct 18, 2024 15:05:22.686300039 CEST | 443 | 49991 | 188.114.96.3 | 192.168.2.5 |
| Oct 18, 2024 15:05:22.880630970 CEST | 443 | 49991 | 188.114.96.3 | 192.168.2.5 |
| Oct 18, 2024 15:05:22.880742073 CEST | 443 | 49991 | 188.114.96.3 | 192.168.2.5 |
| Oct 18, 2024 15:05:22.880836964 CEST | 49991 | 443 | 192.168.2.5 | 188.114.96.3 |
| Oct 18, 2024 15:05:22.881529093 CEST | 49991 | 443 | 192.168.2.5 | 188.114.96.3 |
| Oct 18, 2024 15:05:22.885433912 CEST | 49990 | 80 | 192.168.2.5 | 132.226.8.169 |
| Oct 18, 2024 15:05:22.886750937 CEST | 49992 | 80 | 192.168.2.5 | 132.226.8.169 |
| Oct 18, 2024 15:05:22.902998924 CEST | 80 | 49990 | 132.226.8.169 | 192.168.2.5 |
| Oct 18, 2024 15:05:22.903181076 CEST | 49990 | 80 | 192.168.2.5 | 132.226.8.169 |
| Oct 18, 2024 15:05:22.904349089 CEST | 80 | 49992 | 132.226.8.169 | 192.168.2.5 |
| Oct 18, 2024 15:05:22.904438972 CEST | 49992 | 80 | 192.168.2.5 | 132.226.8.169 |
| Oct 18, 2024 15:05:22.904575109 CEST | 49992 | 80 | 192.168.2.5 | 132.226.8.169 |
| Oct 18, 2024 15:05:22.921282053 CEST | 80 | 49992 | 132.226.8.169 | 192.168.2.5 |
| Oct 18, 2024 15:05:24.015551090 CEST | 80 | 49992 | 132.226.8.169 | 192.168.2.5 |
| Oct 18, 2024 15:05:24.017221928 CEST | 49993 | 443 | 192.168.2.5 | 188.114.96.3 |
| Oct 18, 2024 15:05:24.017244101 CEST | 443 | 49993 | 188.114.96.3 | 192.168.2.5 |
| Oct 18, 2024 15:05:24.017358065 CEST | 49993 | 443 | 192.168.2.5 | 188.114.96.3 |
| Oct 18, 2024 15:05:24.017638922 CEST | 49993 | 443 | 192.168.2.5 | 188.114.96.3 |
| Oct 18, 2024 15:05:24.017652988 CEST | 443 | 49993 | 188.114.96.3 | 192.168.2.5 |
| Oct 18, 2024 15:05:24.069818020 CEST | 49992 | 80 | 192.168.2.5 | 132.226.8.169 |
| Oct 18, 2024 15:05:25.260061026 CEST | 443 | 49993 | 188.114.96.3 | 192.168.2.5 |
| Oct 18, 2024 15:05:25.262191057 CEST | 49993 | 443 | 192.168.2.5 | 188.114.96.3 |
| Oct 18, 2024 15:05:25.262219906 CEST | 443 | 49993 | 188.114.96.3 | 192.168.2.5 |
| Oct 18, 2024 15:05:25.419502020 CEST | 443 | 49993 | 188.114.96.3 | 192.168.2.5 |
| Oct 18, 2024 15:05:25.419594049 CEST | 443 | 49993 | 188.114.96.3 | 192.168.2.5 |
| Oct 18, 2024 15:05:25.419780970 CEST | 49993 | 443 | 192.168.2.5 | 188.114.96.3 |
| Oct 18, 2024 15:05:25.420392990 CEST | 49993 | 443 | 192.168.2.5 | 188.114.96.3 |
| Oct 18, 2024 15:05:25.423954010 CEST | 49992 | 80 | 192.168.2.5 | 132.226.8.169 |
| Oct 18, 2024 15:05:25.424985886 CEST | 49994 | 80 | 192.168.2.5 | 132.226.8.169 |
| Oct 18, 2024 15:05:25.429655075 CEST | 80 | 49992 | 132.226.8.169 | 192.168.2.5 |
| Oct 18, 2024 15:05:25.429765940 CEST | 49992 | 80 | 192.168.2.5 | 132.226.8.169 |
| Oct 18, 2024 15:05:25.430061102 CEST | 80 | 49994 | 132.226.8.169 | 192.168.2.5 |
| Oct 18, 2024 15:05:25.430290937 CEST | 49994 | 80 | 192.168.2.5 | 132.226.8.169 |
| Oct 18, 2024 15:05:25.430449009 CEST | 49994 | 80 | 192.168.2.5 | 132.226.8.169 |
| Oct 18, 2024 15:05:25.435950041 CEST | 80 | 49994 | 132.226.8.169 | 192.168.2.5 |
| Oct 18, 2024 15:05:26.748511076 CEST | 80 | 49994 | 132.226.8.169 | 192.168.2.5 |
| Oct 18, 2024 15:05:26.750102997 CEST | 49995 | 443 | 192.168.2.5 | 188.114.96.3 |
| Oct 18, 2024 15:05:26.750161886 CEST | 443 | 49995 | 188.114.96.3 | 192.168.2.5 |
| Oct 18, 2024 15:05:26.750247955 CEST | 49995 | 443 | 192.168.2.5 | 188.114.96.3 |
| Oct 18, 2024 15:05:26.750533104 CEST | 49995 | 443 | 192.168.2.5 | 188.114.96.3 |
| Oct 18, 2024 15:05:26.750561953 CEST | 443 | 49995 | 188.114.96.3 | 192.168.2.5 |
| Oct 18, 2024 15:05:26.804011106 CEST | 49994 | 80 | 192.168.2.5 | 132.226.8.169 |
| Oct 18, 2024 15:05:27.373378038 CEST | 443 | 49995 | 188.114.96.3 | 192.168.2.5 |
| Oct 18, 2024 15:05:27.375236988 CEST | 49995 | 443 | 192.168.2.5 | 188.114.96.3 |
| Oct 18, 2024 15:05:27.375319958 CEST | 443 | 49995 | 188.114.96.3 | 192.168.2.5 |
| Oct 18, 2024 15:05:27.534140110 CEST | 443 | 49995 | 188.114.96.3 | 192.168.2.5 |
| Oct 18, 2024 15:05:27.534224987 CEST | 443 | 49995 | 188.114.96.3 | 192.168.2.5 |
| Oct 18, 2024 15:05:27.534486055 CEST | 49995 | 443 | 192.168.2.5 | 188.114.96.3 |
| Oct 18, 2024 15:05:27.535212994 CEST | 49995 | 443 | 192.168.2.5 | 188.114.96.3 |
| Oct 18, 2024 15:05:27.573971033 CEST | 49994 | 80 | 192.168.2.5 | 132.226.8.169 |
| Oct 18, 2024 15:05:27.586345911 CEST | 80 | 49994 | 132.226.8.169 | 192.168.2.5 |
| Oct 18, 2024 15:05:27.586484909 CEST | 49994 | 80 | 192.168.2.5 | 132.226.8.169 |
| Oct 18, 2024 15:05:27.592796087 CEST | 49996 | 443 | 192.168.2.5 | 149.154.167.220 |
| Oct 18, 2024 15:05:27.592824936 CEST | 443 | 49996 | 149.154.167.220 | 192.168.2.5 |
| Oct 18, 2024 15:05:27.592962980 CEST | 49996 | 443 | 192.168.2.5 | 149.154.167.220 |
| Oct 18, 2024 15:05:27.593458891 CEST | 49996 | 443 | 192.168.2.5 | 149.154.167.220 |
| Oct 18, 2024 15:05:27.593472004 CEST | 443 | 49996 | 149.154.167.220 | 192.168.2.5 |
| Oct 18, 2024 15:05:28.481832027 CEST | 443 | 49996 | 149.154.167.220 | 192.168.2.5 |
| Oct 18, 2024 15:05:28.482064009 CEST | 49996 | 443 | 192.168.2.5 | 149.154.167.220 |
| Oct 18, 2024 15:05:28.484045029 CEST | 49996 | 443 | 192.168.2.5 | 149.154.167.220 |
| Oct 18, 2024 15:05:28.484066010 CEST | 443 | 49996 | 149.154.167.220 | 192.168.2.5 |
| Oct 18, 2024 15:05:28.484328985 CEST | 443 | 49996 | 149.154.167.220 | 192.168.2.5 |
| Oct 18, 2024 15:05:28.485780001 CEST | 49996 | 443 | 192.168.2.5 | 149.154.167.220 |
| Oct 18, 2024 15:05:28.527409077 CEST | 443 | 49996 | 149.154.167.220 | 192.168.2.5 |
| Oct 18, 2024 15:05:28.733714104 CEST | 443 | 49996 | 149.154.167.220 | 192.168.2.5 |
| Oct 18, 2024 15:05:28.733781099 CEST | 443 | 49996 | 149.154.167.220 | 192.168.2.5 |
| Oct 18, 2024 15:05:28.733963013 CEST | 49996 | 443 | 192.168.2.5 | 149.154.167.220 |
| Oct 18, 2024 15:05:28.739052057 CEST | 49996 | 443 | 192.168.2.5 | 149.154.167.220 |
| Oct 18, 2024 15:05:34.307156086 CEST | 49982 | 80 | 192.168.2.5 | 132.226.8.169 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Oct 18, 2024 15:04:58.163800001 CEST | 62116 | 53 | 192.168.2.5 | 1.1.1.1 |
| Oct 18, 2024 15:04:58.171426058 CEST | 53 | 62116 | 1.1.1.1 | 192.168.2.5 |
| Oct 18, 2024 15:04:59.676184893 CEST | 52830 | 53 | 192.168.2.5 | 1.1.1.1 |
| Oct 18, 2024 15:04:59.684029102 CEST | 53 | 52830 | 1.1.1.1 | 192.168.2.5 |
| Oct 18, 2024 15:05:05.130836010 CEST | 58665 | 53 | 192.168.2.5 | 1.1.1.1 |
| Oct 18, 2024 15:05:05.138017893 CEST | 53 | 58665 | 1.1.1.1 | 192.168.2.5 |
| Oct 18, 2024 15:05:08.894180059 CEST | 60118 | 53 | 192.168.2.5 | 1.1.1.1 |
| Oct 18, 2024 15:05:08.902473927 CEST | 53 | 60118 | 1.1.1.1 | 192.168.2.5 |
| Oct 18, 2024 15:05:27.574719906 CEST | 63940 | 53 | 192.168.2.5 | 1.1.1.1 |
| Oct 18, 2024 15:05:27.591919899 CEST | 53 | 63940 | 1.1.1.1 | 192.168.2.5 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Oct 18, 2024 15:04:58.163800001 CEST | 192.168.2.5 | 1.1.1.1 | 0xdd99 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Oct 18, 2024 15:04:59.676184893 CEST | 192.168.2.5 | 1.1.1.1 | 0x7a04 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Oct 18, 2024 15:05:05.130836010 CEST | 192.168.2.5 | 1.1.1.1 | 0x9c3c | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Oct 18, 2024 15:05:08.894180059 CEST | 192.168.2.5 | 1.1.1.1 | 0x84ec | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Oct 18, 2024 15:05:27.574719906 CEST | 192.168.2.5 | 1.1.1.1 | 0x9142 | Standard query (0) | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Oct 18, 2024 15:04:58.171426058 CEST | 1.1.1.1 | 192.168.2.5 | 0xdd99 | No error (0) | 142.250.185.206 | A (IP address) | IN (0x0001) | false | ||
| Oct 18, 2024 15:04:59.684029102 CEST | 1.1.1.1 | 192.168.2.5 | 0x7a04 | No error (0) | 216.58.206.65 | A (IP address) | IN (0x0001) | false | ||
| Oct 18, 2024 15:05:05.138017893 CEST | 1.1.1.1 | 192.168.2.5 | 0x9c3c | No error (0) | checkip.dyndns.com | CNAME (Canonical name) | IN (0x0001) | false | ||
| Oct 18, 2024 15:05:05.138017893 CEST | 1.1.1.1 | 192.168.2.5 | 0x9c3c | No error (0) | 132.226.8.169 | A (IP address) | IN (0x0001) | false | ||
| Oct 18, 2024 15:05:05.138017893 CEST | 1.1.1.1 | 192.168.2.5 | 0x9c3c | No error (0) | 132.226.247.73 | A (IP address) | IN (0x0001) | false | ||
| Oct 18, 2024 15:05:05.138017893 CEST | 1.1.1.1 | 192.168.2.5 | 0x9c3c | No error (0) | 193.122.6.168 | A (IP address) | IN (0x0001) | false | ||
| Oct 18, 2024 15:05:05.138017893 CEST | 1.1.1.1 | 192.168.2.5 | 0x9c3c | No error (0) | 193.122.130.0 | A (IP address) | IN (0x0001) | false | ||
| Oct 18, 2024 15:05:05.138017893 CEST | 1.1.1.1 | 192.168.2.5 | 0x9c3c | No error (0) | 158.101.44.242 | A (IP address) | IN (0x0001) | false | ||
| Oct 18, 2024 15:05:08.902473927 CEST | 1.1.1.1 | 192.168.2.5 | 0x84ec | No error (0) | 188.114.96.3 | A (IP address) | IN (0x0001) | false | ||
| Oct 18, 2024 15:05:08.902473927 CEST | 1.1.1.1 | 192.168.2.5 | 0x84ec | No error (0) | 188.114.97.3 | A (IP address) | IN (0x0001) | false | ||
| Oct 18, 2024 15:05:27.591919899 CEST | 1.1.1.1 | 192.168.2.5 | 0x9142 | No error (0) | 149.154.167.220 | A (IP address) | IN (0x0001) | false |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.5 | 49967 | 132.226.8.169 | 80 | 3148 | C:\Users\user\Desktop\Wuerth_factura_4052073226..exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Oct 18, 2024 15:05:05.146992922 CEST | 151 | OUT | |
| Oct 18, 2024 15:05:07.949105024 CEST | 275 | IN | |
| Oct 18, 2024 15:05:07.954602957 CEST | 127 | OUT | |
| Oct 18, 2024 15:05:08.179124117 CEST | 127 | OUT | |
| Oct 18, 2024 15:05:08.185681105 CEST | 275 | IN | |
| Oct 18, 2024 15:05:08.471262932 CEST | 275 | IN | |
| Oct 18, 2024 15:05:09.776119947 CEST | 127 | OUT | |
| Oct 18, 2024 15:05:10.058052063 CEST | 275 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.5 | 49982 | 132.226.8.169 | 80 | 3148 | C:\Users\user\Desktop\Wuerth_factura_4052073226..exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Oct 18, 2024 15:05:10.837328911 CEST | 127 | OUT | |
| Oct 18, 2024 15:05:11.723584890 CEST | 275 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 2 | 192.168.2.5 | 49984 | 132.226.8.169 | 80 | 3148 | C:\Users\user\Desktop\Wuerth_factura_4052073226..exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Oct 18, 2024 15:05:12.630386114 CEST | 151 | OUT | |
| Oct 18, 2024 15:05:14.558490992 CEST | 275 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 3 | 192.168.2.5 | 49986 | 132.226.8.169 | 80 | 3148 | C:\Users\user\Desktop\Wuerth_factura_4052073226..exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Oct 18, 2024 15:05:15.596071959 CEST | 151 | OUT | |
| Oct 18, 2024 15:05:16.489902020 CEST | 275 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 4 | 192.168.2.5 | 49988 | 132.226.8.169 | 80 | 3148 | C:\Users\user\Desktop\Wuerth_factura_4052073226..exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Oct 18, 2024 15:05:17.823663950 CEST | 151 | OUT | |
| Oct 18, 2024 15:05:19.962743998 CEST | 275 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 5 | 192.168.2.5 | 49990 | 132.226.8.169 | 80 | 3148 | C:\Users\user\Desktop\Wuerth_factura_4052073226..exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Oct 18, 2024 15:05:20.974062920 CEST | 151 | OUT | |
| Oct 18, 2024 15:05:21.974281073 CEST | 275 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 6 | 192.168.2.5 | 49992 | 132.226.8.169 | 80 | 3148 | C:\Users\user\Desktop\Wuerth_factura_4052073226..exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Oct 18, 2024 15:05:22.904575109 CEST | 151 | OUT | |
| Oct 18, 2024 15:05:24.015551090 CEST | 275 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 7 | 192.168.2.5 | 49994 | 132.226.8.169 | 80 | 3148 | C:\Users\user\Desktop\Wuerth_factura_4052073226..exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Oct 18, 2024 15:05:25.430449009 CEST | 151 | OUT | |
| Oct 18, 2024 15:05:26.748511076 CEST | 275 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.5 | 49927 | 142.250.185.206 | 443 | 3148 | C:\Users\user\Desktop\Wuerth_factura_4052073226..exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-10-18 13:04:59 UTC | 208 | OUT | |
| 2024-10-18 13:04:59 UTC | 1610 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.5 | 49937 | 216.58.206.65 | 443 | 3148 | C:\Users\user\Desktop\Wuerth_factura_4052073226..exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-10-18 13:05:00 UTC | 250 | OUT | |
| 2024-10-18 13:05:03 UTC | 4890 | IN | |
| 2024-10-18 13:05:03 UTC | 4890 | IN | |
| 2024-10-18 13:05:03 UTC | 4890 | IN | |
| 2024-10-18 13:05:03 UTC | 26 | IN | |
| 2024-10-18 13:05:03 UTC | 1325 | IN | |
| 2024-10-18 13:05:03 UTC | 1378 | IN | |
| 2024-10-18 13:05:03 UTC | 1378 | IN | |
| 2024-10-18 13:05:03 UTC | 1378 | IN | |
| 2024-10-18 13:05:03 UTC | 1378 | IN | |
| 2024-10-18 13:05:03 UTC | 1378 | IN | |
| 2024-10-18 13:05:03 UTC | 1378 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 2 | 192.168.2.5 | 49980 | 188.114.96.3 | 443 | 3148 | C:\Users\user\Desktop\Wuerth_factura_4052073226..exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-10-18 13:05:09 UTC | 87 | OUT | |
| 2024-10-18 13:05:09 UTC | 702 | IN | |
| 2024-10-18 13:05:09 UTC | 365 | IN | |
| 2024-10-18 13:05:09 UTC | 5 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 3 | 192.168.2.5 | 49981 | 188.114.96.3 | 443 | 3148 | C:\Users\user\Desktop\Wuerth_factura_4052073226..exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-10-18 13:05:10 UTC | 63 | OUT | |
| 2024-10-18 13:05:10 UTC | 708 | IN | |
| 2024-10-18 13:05:10 UTC | 365 | IN | |
| 2024-10-18 13:05:10 UTC | 5 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 4 | 192.168.2.5 | 49983 | 188.114.96.3 | 443 | 3148 | C:\Users\user\Desktop\Wuerth_factura_4052073226..exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-10-18 13:05:12 UTC | 87 | OUT | |
| 2024-10-18 13:05:12 UTC | 714 | IN | |
| 2024-10-18 13:05:12 UTC | 365 | IN | |
| 2024-10-18 13:05:12 UTC | 5 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 5 | 192.168.2.5 | 49985 | 188.114.96.3 | 443 | 3148 | C:\Users\user\Desktop\Wuerth_factura_4052073226..exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-10-18 13:05:15 UTC | 87 | OUT | |
| 2024-10-18 13:05:15 UTC | 890 | IN | |
| 2024-10-18 13:05:15 UTC | 365 | IN | |
| 2024-10-18 13:05:15 UTC | 5 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 6 | 192.168.2.5 | 49987 | 188.114.96.3 | 443 | 3148 | C:\Users\user\Desktop\Wuerth_factura_4052073226..exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-10-18 13:05:17 UTC | 87 | OUT | |
| 2024-10-18 13:05:17 UTC | 704 | IN | |
| 2024-10-18 13:05:17 UTC | 365 | IN | |
| 2024-10-18 13:05:17 UTC | 5 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 7 | 192.168.2.5 | 49989 | 188.114.96.3 | 443 | 3148 | C:\Users\user\Desktop\Wuerth_factura_4052073226..exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-10-18 13:05:20 UTC | 87 | OUT | |
| 2024-10-18 13:05:20 UTC | 700 | IN | |
| 2024-10-18 13:05:20 UTC | 365 | IN | |
| 2024-10-18 13:05:20 UTC | 5 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 8 | 192.168.2.5 | 49991 | 188.114.96.3 | 443 | 3148 | C:\Users\user\Desktop\Wuerth_factura_4052073226..exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-10-18 13:05:22 UTC | 87 | OUT | |
| 2024-10-18 13:05:22 UTC | 706 | IN | |
| 2024-10-18 13:05:22 UTC | 365 | IN | |
| 2024-10-18 13:05:22 UTC | 5 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 9 | 192.168.2.5 | 49993 | 188.114.96.3 | 443 | 3148 | C:\Users\user\Desktop\Wuerth_factura_4052073226..exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-10-18 13:05:25 UTC | 87 | OUT | |
| 2024-10-18 13:05:25 UTC | 720 | IN | |
| 2024-10-18 13:05:25 UTC | 365 | IN | |
| 2024-10-18 13:05:25 UTC | 5 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 10 | 192.168.2.5 | 49995 | 188.114.96.3 | 443 | 3148 | C:\Users\user\Desktop\Wuerth_factura_4052073226..exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-10-18 13:05:27 UTC | 87 | OUT | |
| 2024-10-18 13:05:27 UTC | 714 | IN | |
| 2024-10-18 13:05:27 UTC | 365 | IN | |
| 2024-10-18 13:05:27 UTC | 5 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 11 | 192.168.2.5 | 49996 | 149.154.167.220 | 443 | 3148 | C:\Users\user\Desktop\Wuerth_factura_4052073226..exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-10-18 13:05:28 UTC | 349 | OUT | |
| 2024-10-18 13:05:28 UTC | 344 | IN | |
| 2024-10-18 13:05:28 UTC | 55 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 09:03:53 |
| Start date: | 18/10/2024 |
| Path: | C:\Users\user\Desktop\Wuerth_factura_4052073226..exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x400000 |
| File size: | 1'085'283 bytes |
| MD5 hash: | 787041CD8D6CD5E63534D1B060889A76 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | low |
| Has exited: | true |
| Target ID: | 4 |
| Start time: | 09:04:43 |
| Start date: | 18/10/2024 |
| Path: | C:\Users\user\Desktop\Wuerth_factura_4052073226..exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x400000 |
| File size: | 1'085'283 bytes |
| MD5 hash: | 787041CD8D6CD5E63534D1B060889A76 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | low |
| Has exited: | false |
Execution Graph
| Execution Coverage: | 18.7% |
| Dynamic/Decrypted Code Coverage: | 13.7% |
| Signature Coverage: | 20.5% |
| Total number of Nodes: | 1535 |
| Total number of Limit Nodes: | 34 |
Graph
Function 0040327D Relevance: 87.9, APIs: 33, Strings: 17, Instructions: 401stringfilecomCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004052CB Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 284windowclipboardmemoryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040604F Relevance: 19.5, APIs: 8, Strings: 3, Instructions: 207stringCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040581E Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 148filestringCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004027FB Relevance: 1.5, APIs: 1, Instructions: 30fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00403876 Relevance: 45.7, APIs: 13, Strings: 13, Instructions: 215stringregistryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401767 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 145stringtimeCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406397 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36libraryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405AE9 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 47stringCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040570D Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401FC3 Relevance: 4.6, APIs: 3, Instructions: 73libraryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401DDC Relevance: 3.0, APIs: 2, Instructions: 21COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405C02 Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405BDD Relevance: 3.0, APIs: 2, Instructions: 13COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004056D8 Relevance: 3.0, APIs: 2, Instructions: 9COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 100028A4 Relevance: 2.7, APIs: 2, Instructions: 156memoryCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405C85 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405CB4 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 100027C7 Relevance: 1.5, APIs: 1, Instructions: 21memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040159B Relevance: 1.5, APIs: 1, Instructions: 18COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040413D Relevance: 1.5, APIs: 1, Instructions: 9windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404126 Relevance: 1.5, APIs: 1, Instructions: 6windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00403235 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404113 Relevance: 1.5, APIs: 1, Instructions: 4COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004014D7 Relevance: 1.3, APIs: 1, Instructions: 17sleepCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 1000121B Relevance: 1.3, APIs: 1, Instructions: 6memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404B08 Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 481windowmemoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040458C Relevance: 23.0, APIs: 10, Strings: 3, Instructions: 275stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040428E Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 207windowstringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405D5C Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 131stringmemoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404158 Relevance: 12.1, APIs: 8, Instructions: 61COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004025E5 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 151fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404A56 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402D04 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40timeCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 100022D0 Relevance: 9.1, APIs: 6, Instructions: 136memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 100024A9 Relevance: 9.1, APIs: 6, Instructions: 98COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040237B Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 71registrystringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402537 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 67stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 100018A9 Relevance: 7.7, APIs: 5, Instructions: 189COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 100015FF Relevance: 7.5, APIs: 5, Instructions: 41memorylibraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401CFA Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404948 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84stringCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401BDF Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76windowtimeCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405EFA Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 45registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004059E1 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402D8A Relevance: 6.0, APIs: 4, Instructions: 33COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405100 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405A2D Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 100010E1 Relevance: 5.1, APIs: 4, Instructions: 104memoryCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405B67 Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Execution Graph
| Execution Coverage: | 7.5% |
| Dynamic/Decrypted Code Coverage: | 100% |
| Signature Coverage: | 9.7% |
| Total number of Nodes: | 113 |
| Total number of Limit Nodes: | 10 |
Graph
Function 39DB5028 Relevance: 8.1, Strings: 4, Instructions: 3069COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000DC147 Relevance: 6.5, Strings: 5, Instructions: 231COMMON
Download Yara Rule
Control-flow Graph
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000D5362 Relevance: 6.4, Strings: 5, Instructions: 198COMMON
Download Yara Rule
Control-flow Graph
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000DD278 Relevance: 6.4, Strings: 5, Instructions: 187COMMON
Download Yara Rule
Control-flow Graph
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000DCA08 Relevance: 6.4, Strings: 5, Instructions: 187COMMON
Download Yara Rule
Control-flow Graph
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000DC738 Relevance: 6.4, Strings: 5, Instructions: 186COMMON
Download Yara Rule
Control-flow Graph
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000DCCD8 Relevance: 6.4, Strings: 5, Instructions: 186COMMON
Download Yara Rule
Control-flow Graph
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000DCFAA Relevance: 6.4, Strings: 5, Instructions: 186COMMON
Download Yara Rule
Control-flow Graph
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000DC472 Relevance: 6.4, Strings: 5, Instructions: 182COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000D9DE0 Relevance: 6.1, Strings: 4, Instructions: 1145COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000D6FC8 Relevance: 5.5, Strings: 4, Instructions: 456COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A5F8EF1 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 55encryptionCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A5F87A8 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 55encryptionCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A665FD8 Relevance: 1.6, Strings: 1, Instructions: 300COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A5F8FB0 Relevance: 1.5, Strings: 1, Instructions: 272COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39DB1E70 Relevance: 1.4, Strings: 1, Instructions: 108COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A68D710 Relevance: .7, Instructions: 745COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39DB9328 Relevance: .5, Instructions: 528COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A5F7B78 Relevance: .3, Instructions: 296COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A666678 Relevance: .3, Instructions: 292COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A669FD8 Relevance: .3, Instructions: 292COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A691CF0 Relevance: .3, Instructions: 292COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39DB2968 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A5F4ED0 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A813E60 Relevance: .3, Instructions: 251COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A813E70 Relevance: .2, Instructions: 247COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39DB2DB8 Relevance: .2, Instructions: 221COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39DB2DC8 Relevance: .2, Instructions: 220COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39DB1E80 Relevance: .2, Instructions: 220COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39DB17A0 Relevance: .2, Instructions: 219COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39DB310E Relevance: .2, Instructions: 202COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39DBFC68 Relevance: .2, Instructions: 200COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A6870C0 Relevance: .2, Instructions: 200COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A698470 Relevance: .2, Instructions: 200COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A69FB30 Relevance: .2, Instructions: 200COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39DB178F Relevance: .2, Instructions: 162COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000DE97A Relevance: .2, Instructions: 150COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000DE988 Relevance: .1, Instructions: 147COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A665FC7 Relevance: .1, Instructions: 118COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A66663E Relevance: .1, Instructions: 115COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A669FC8 Relevance: .1, Instructions: 103COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A691CE0 Relevance: .1, Instructions: 101COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000D76F1 Relevance: 10.5, Strings: 8, Instructions: 456COMMON
Download Yara Rule
Control-flow Graph
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A8196EB Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 143threadCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A8196F8 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 128threadCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39DB3A50 Relevance: 7.7, Strings: 6, Instructions: 230COMMON
Download Yara Rule
Control-flow Graph
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000D0CA0 Relevance: 6.8, Strings: 5, Instructions: 539COMMON
Download Yara Rule
Control-flow Graph
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39DB3FE8 Relevance: 6.6, Strings: 5, Instructions: 385COMMON
Download Yara Rule
Control-flow Graph
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000D5F38 Relevance: 2.8, Strings: 2, Instructions: 327COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A68E950 Relevance: 2.7, Strings: 2, Instructions: 239COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000D6498 Relevance: 2.7, Strings: 2, Instructions: 232COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000DAEBA Relevance: 2.6, Strings: 2, Instructions: 124COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000D3CB1 Relevance: 2.6, Strings: 2, Instructions: 118COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39DB4351 Relevance: 2.6, Strings: 2, Instructions: 101COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39DB4385 Relevance: 2.6, Strings: 2, Instructions: 100COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000D9D59 Relevance: 2.5, Strings: 2, Instructions: 44COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A908F49 Relevance: 1.5, APIs: 1, Instructions: 29comCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39DB4790 Relevance: 1.4, Strings: 1, Instructions: 111COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A69FB21 Relevance: 1.3, Strings: 1, Instructions: 94COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000D2790 Relevance: 1.3, Strings: 1, Instructions: 88COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39DB48DA Relevance: 1.3, Strings: 1, Instructions: 83COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000D9761 Relevance: 1.3, Strings: 1, Instructions: 65COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000D62F0 Relevance: 1.3, Strings: 1, Instructions: 62COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39DB463C Relevance: 1.3, Strings: 1, Instructions: 60COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000DE018 Relevance: .6, Instructions: 647COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000D9A10 Relevance: .2, Instructions: 238COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39DB4A68 Relevance: .2, Instructions: 209COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000D80D8 Relevance: .2, Instructions: 201COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A68D700 Relevance: .2, Instructions: 174COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A68D410 Relevance: .2, Instructions: 171COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A6873E0 Relevance: .2, Instructions: 171COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A6981E8 Relevance: .2, Instructions: 171COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A6921B8 Relevance: .2, Instructions: 171COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000DF71F Relevance: .2, Instructions: 154COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000DD548 Relevance: .1, Instructions: 141COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000D41A0 Relevance: .1, Instructions: 134COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000DA303 Relevance: .1, Instructions: 125COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A68FB37 Relevance: .1, Instructions: 116COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A68FB48 Relevance: .1, Instructions: 111COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000D9C30 Relevance: .1, Instructions: 107COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000D5658 Relevance: .1, Instructions: 101COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A6873D0 Relevance: .1, Instructions: 99COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A68D401 Relevance: .1, Instructions: 98COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A6870AF Relevance: .1, Instructions: 95COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A68E588 Relevance: .1, Instructions: 95COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A698461 Relevance: .1, Instructions: 95COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A6921A7 Relevance: .1, Instructions: 95COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39DBFC5A Relevance: .1, Instructions: 91COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000D8380 Relevance: .1, Instructions: 87COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A6981EA Relevance: .1, Instructions: 87COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000D28F0 Relevance: .1, Instructions: 77COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0009D554 Relevance: .1, Instructions: 75COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000D6300 Relevance: .1, Instructions: 74COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000AD044 Relevance: .1, Instructions: 72COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000DAEF0 Relevance: .1, Instructions: 70COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000D4285 Relevance: .1, Instructions: 68COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A68EBE2 Relevance: .1, Instructions: 65COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39DB992C Relevance: .1, Instructions: 62COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000DF640 Relevance: .1, Instructions: 60COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000D27F0 Relevance: .1, Instructions: 57COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39DB4C00 Relevance: .1, Instructions: 57COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0009D54F Relevance: .1, Instructions: 56COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000DF650 Relevance: .1, Instructions: 54COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000AD03F Relevance: .1, Instructions: 53COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000D5E98 Relevance: .1, Instructions: 52COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39DB44CF Relevance: .0, Instructions: 48COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39DB49E0 Relevance: .0, Instructions: 46COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39DB3258 Relevance: .0, Instructions: 46COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39DB4640 Relevance: .0, Instructions: 46COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39DB3248 Relevance: .0, Instructions: 45COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000DE8E8 Relevance: .0, Instructions: 44COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000DABE0 Relevance: .0, Instructions: 44COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39DB4C98 Relevance: .0, Instructions: 41COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A68EB58 Relevance: .0, Instructions: 37COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39DB4990 Relevance: .0, Instructions: 33COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A68E6A0 Relevance: .0, Instructions: 33COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000D28B0 Relevance: .0, Instructions: 19COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000D28AB Relevance: .0, Instructions: 18COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39DB4A40 Relevance: .0, Instructions: 17COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000DD6D4 Relevance: .0, Instructions: 16COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000DAFAD Relevance: .0, Instructions: 16COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000D6748 Relevance: .0, Instructions: 12COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004032B2 Relevance: 72.1, APIs: 31, Strings: 10, Instructions: 386stringfilecomCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404B08 Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 481windowmemoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040581E Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 148filestringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A66F120 Relevance: 1.5, Strings: 1, Instructions: 292COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A660960 Relevance: 1.5, Strings: 1, Instructions: 272COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A664478 Relevance: 1.5, Strings: 1, Instructions: 272COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A660040 Relevance: 1.5, Strings: 1, Instructions: 272COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A665B48 Relevance: 1.5, Strings: 1, Instructions: 272COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A663B58 Relevance: 1.5, Strings: 1, Instructions: 272COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A665228 Relevance: 1.5, Strings: 1, Instructions: 272COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A663238 Relevance: 1.5, Strings: 1, Instructions: 272COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A664908 Relevance: 1.5, Strings: 1, Instructions: 272COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A661710 Relevance: 1.5, Strings: 1, Instructions: 272COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A662918 Relevance: 1.5, Strings: 1, Instructions: 272COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A663FE8 Relevance: 1.5, Strings: 1, Instructions: 272COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A660DF0 Relevance: 1.5, Strings: 1, Instructions: 272COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A661FF8 Relevance: 1.5, Strings: 1, Instructions: 272COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A6636C8 Relevance: 1.5, Strings: 1, Instructions: 272COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A6604D0 Relevance: 1.5, Strings: 1, Instructions: 272COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A662DA8 Relevance: 1.5, Strings: 1, Instructions: 272COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A6656B8 Relevance: 1.5, Strings: 1, Instructions: 272COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A661280 Relevance: 1.5, Strings: 1, Instructions: 272COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A662488 Relevance: 1.5, Strings: 1, Instructions: 272COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A664D98 Relevance: 1.5, Strings: 1, Instructions: 272COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A5FCE78 Relevance: 1.5, Strings: 1, Instructions: 272COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A5FEE68 Relevance: 1.5, Strings: 1, Instructions: 272COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A5FBC38 Relevance: 1.5, Strings: 1, Instructions: 272COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A5FDC28 Relevance: 1.5, Strings: 1, Instructions: 272COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A810A10 Relevance: 1.5, Strings: 1, Instructions: 222COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A8108DE Relevance: 1.4, Strings: 1, Instructions: 173COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A810960 Relevance: 1.4, Strings: 1, Instructions: 169COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000DF2C0 Relevance: 1.4, Strings: 1, Instructions: 149COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000DF52F Relevance: 1.4, Strings: 1, Instructions: 148COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000DF4AC Relevance: 1.4, Strings: 1, Instructions: 146COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39DB0B30 Relevance: .7, Instructions: 709COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39DB0040 Relevance: .6, Instructions: 596COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A667E60 Relevance: .3, Instructions: 292COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A66A968 Relevance: .3, Instructions: 292COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A66D470 Relevance: .3, Instructions: 292COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A666B40 Relevance: .3, Instructions: 292COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A669648 Relevance: .3, Instructions: 292COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A66C150 Relevance: .3, Instructions: 292COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A66EC58 Relevance: .3, Instructions: 292COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A668328 Relevance: .3, Instructions: 292COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A66AE30 Relevance: .3, Instructions: 292COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A66D938 Relevance: .3, Instructions: 292COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A66DE00 Relevance: .3, Instructions: 292COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A667008 Relevance: .3, Instructions: 292COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A669B10 Relevance: .3, Instructions: 292COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A66C618 Relevance: .3, Instructions: 292COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A66CAE0 Relevance: .3, Instructions: 292COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A66F5E8 Relevance: .3, Instructions: 292COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A6687F0 Relevance: .3, Instructions: 292COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A66B2F8 Relevance: .3, Instructions: 292COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A66B7C0 Relevance: .3, Instructions: 292COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A66E2C8 Relevance: .3, Instructions: 292COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A6674D0 Relevance: .3, Instructions: 292COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A66A4A0 Relevance: .3, Instructions: 292COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A66CFA8 Relevance: .3, Instructions: 292COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A66FAB0 Relevance: .3, Instructions: 292COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A668CB8 Relevance: .3, Instructions: 292COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A669180 Relevance: .3, Instructions: 292COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A66BC88 Relevance: .3, Instructions: 292COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A66E790 Relevance: .3, Instructions: 292COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A667998 Relevance: .3, Instructions: 292COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A661BA0 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39DBD9A8 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39DBD550 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39DBD0F8 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39DBCCA0 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39DBF810 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39DBF3B8 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39DBEF60 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39DBEB08 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39DBE6B0 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39DBE258 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39DBDE00 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A5F1A50 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A5F0040 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A5F4A78 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A5F6E70 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A5F3460 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A5F6A18 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A5F3008 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A5F6030 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3A5F4620 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000DF974 Relevance: .3, Instructions: 265COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39DB0673 Relevance: .2, Instructions: 193COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 39DB0853 Relevance: .1, Instructions: 116COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004052CB Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 284windowclipboardmemoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040428E Relevance: 38.7, APIs: 20, Strings: 2, Instructions: 207windowstringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00403876 Relevance: 37.0, APIs: 13, Strings: 8, Instructions: 215stringregistryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405D5C Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 131stringmemoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040327D Relevance: 22.8, APIs: 11, Strings: 2, Instructions: 76comstringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040458C Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 275stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040604F Relevance: 19.5, APIs: 8, Strings: 3, Instructions: 207stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402E7C Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 138memoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404158 Relevance: 12.1, APIs: 8, Instructions: 61COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004025E5 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 151fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404A56 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402D04 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40timeCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406397 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36libraryCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401CFA Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401D56 Relevance: 7.5, APIs: 5, Instructions: 38COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404948 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84stringCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401BDF Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76windowtimeCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405EFA Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 45registryCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040565B Relevance: 6.0, APIs: 4, Instructions: 39COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402D8A Relevance: 6.0, APIs: 4, Instructions: 33COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405AE9 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405100 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000D1A18 Relevance: 5.1, Strings: 4, Instructions: 119COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000D2A69 Relevance: 5.1, Strings: 4, Instructions: 97COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000D6920 Relevance: 5.0, Strings: 4, Instructions: 49COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405B67 Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|