Edit tour
Windows
Analysis Report
Shave.exe
Overview
General Information
| Sample name: | Shave.exe |
| Analysis ID: | 1562047 |
| MD5: | 51000c141b602569cf44b0f8bec9ecb8 |
| SHA1: | d7b819dbc26b3e66c99d233c5c7fc86492e626dd |
| SHA256: | 5b19a26d6e86bbcd6d454baee6ae7c77f1c4ca6017ad965eb79098308346f383 |
| Tags: | exeGuLoaderuser-abuse_ch |
| Infos: |   |
 | |
Detection
GuLoader, Snake Keylogger, VIP Keylogger
| Score: | 100 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected GuLoader
Yara detected Snake Keylogger
Yara detected Telegram RAT
Yara detected VIP Keylogger
AI detected suspicious sample
Machine Learning detection for sample
Switches to a custom stack to bypass stack traces
Tries to detect the country of the analysis system (by using the IP)
Tries to detect virtualization through RDTSC time measurements
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses the Telegram API (likely for C&C communication)
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality for read data from the clipboard
Contains functionality to dynamically determine API calls
Contains functionality to shutdown / reboot the system
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Suspicious Outbound SMTP Connections
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses SMTP (mail sending)
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Classification
| Name | Description | Attribution | Blogpost URLs | Link |
|---|---|---|---|---|
| CloudEyE, GuLoader | CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored. | No Attribution |
| Name | Description | Attribution | Blogpost URLs | Link |
|---|---|---|---|---|
| 404 Keylogger, Snake Keylogger | Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victims sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram. | No Attribution |
{"Exfil Mode": "SMTP", "Username": "mukesh@cipmach.com", "Password": "mail@2019$", "Host": "mail.cipmach.com", "Port": "587", "Version": "4.4"}| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_VIPKeylogger | Yara detected VIP Keylogger | Joe Security | ||
| JoeSecurity_GuLoader_3 | Yara detected GuLoader | Joe Security | ||
| JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
| JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security | ||
| JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security | ||
| Click to see the 3 entries | ||||
| Source: | Author: frack113: | ||
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-11-25T07:08:53.389422+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49777 | 172.67.177.134 | 443 | TCP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-11-25T07:08:49.051470+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49757 | 193.122.130.0 | 80 | TCP |
| 2024-11-25T07:08:51.707734+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49757 | 193.122.130.0 | 80 | TCP |
| 2024-11-25T07:08:57.145241+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49779 | 193.122.130.0 | 80 | TCP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-11-25T07:08:42.598864+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49751 | 185.244.144.68 | 80 | TCP |
Click to jump to signature section
Show All Signature Results
AV Detection |   |
|---|
| Source: | Malware Configuration Extractor: | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | Integrated Neural Analysis Model: | ||
| Source: | Joe Sandbox ML: | ||
Location Tracking | |
|---|
| Source: | DNS query: | ||
| Source: | Static PE information: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Static PE information: | ||
| Source: | Code function: | 0_2_004065DA | |
| Source: | Code function: | 0_2_004059A9 | |
| Source: | Code function: | 0_2_00402868 | |
| Source: | Code function: | 3_2_00402868 | |
| Source: | Code function: | 3_2_004065DA | |
| Source: | Code function: | 3_2_004059A9 | |
| Source: | Code function: | 3_2_0015F2C0 | |
| Source: | Code function: | 3_2_0015F4AC | |
| Source: | Code function: | 3_2_0015F52F | |
| Source: | Code function: | 3_2_0015F974 | |
| Source: | Code function: | 3_2_04B0E9D8 | |
| Source: | Code function: | 3_2_04B08FB0 | |
| Source: | Code function: | 3_2_04B07B78 | |
| Source: | Code function: | 3_2_04B0E0B8 | |
| Source: | Code function: | 3_2_04B00498 | |
| Source: | Code function: | 3_2_04B0B081 | |
| Source: | Code function: | 3_2_04B06488 | |
| Source: | Code function: | 3_2_04B008F0 | |
| Source: | Code function: | 3_2_04B0C0C8 | |
| Source: | Code function: | 3_2_04B06030 | |
| Source: | Code function: | 3_2_04B0BC38 | |
| Source: | Code function: | 3_2_04B0DC28 | |
| Source: | Code function: | 3_2_04B03008 | |
| Source: | Code function: | 3_2_04B03460 | |
| Source: | Code function: | 3_2_04B00040 | |
| Source: | Code function: | 3_2_04B011A0 | |
| Source: | Code function: | 3_2_04B015F8 | |
| Source: | Code function: | 3_2_04B0C9E8 | |
| Source: | Code function: | 3_2_04B0C558 | |
| Source: | Code function: | 3_2_04B00D48 | |
| Source: | Code function: | 3_2_04B0E548 | |
| Source: | Code function: | 3_2_04B01EA8 | |
| Source: | Code function: | 3_2_04B0F2F8 | |
| Source: | Code function: | 3_2_04B04ED0 | |
| Source: | Code function: | 3_2_04B072C8 | |
| Source: | Code function: | 3_2_04B04620 | |
| Source: | Code function: | 3_2_04B06A18 | |
| Source: | Code function: | 3_2_04B06E70 | |
| Source: | Code function: | 3_2_04B04A78 | |
| Source: | Code function: | 3_2_04B0CE78 | |
| Source: | Code function: | 3_2_04B0EE68 | |
| Source: | Code function: | 3_2_04B01A50 | |
| Source: | Code function: | 3_2_04B02BB0 | |
| Source: | Code function: | 3_2_04B0B7A8 | |
| Source: | Code function: | 3_2_04B0D798 | |
| Source: | Code function: | 3_2_04B05780 | |
| Source: | Code function: | 3_2_04B0F788 | |
| Source: | Code function: | 3_2_04B05BD8 | |
| Source: | Code function: | 3_2_04B07720 | |
| Source: | Code function: | 3_2_04B05328 | |
| Source: | Code function: | 3_2_04B0B318 | |
| Source: | Code function: | 3_2_04B02300 | |
| Source: | Code function: | 3_2_04B0D308 | |
| Source: | Code function: | 3_2_04B02758 | |
| Source: | Code function: | 3_2_04B36678 | |
| Source: | Code function: | 3_2_04B35FD8 | |
| Source: | Code function: | 3_2_04B3FAB0 | |
| Source: | Code function: | 3_2_04B356B8 | |
| Source: | Code function: | 3_2_04B38CB8 | |
| Source: | Code function: | 3_2_04B3A4A0 | |
| Source: | Code function: | 3_2_04B31280 | |
| Source: | Code function: | 3_2_04B32488 | |
| Source: | Code function: | 3_2_04B3BC88 | |
| Source: | Code function: | 3_2_04B3B2F8 | |
| Source: | Code function: | 3_2_04B3CAE0 | |
| Source: | Code function: | 3_2_04B304D0 | |
| Source: | Code function: | 3_2_04B374D0 | |
| Source: | Code function: | 3_2_04B336C8 | |
| Source: | Code function: | 3_2_04B3E2C8 | |
| Source: | Code function: | 3_2_04B3AE30 | |
| Source: | Code function: | 3_2_04B33238 | |
| Source: | Code function: | 3_2_04B35228 | |
| Source: | Code function: | 3_2_04B3C618 | |
| Source: | Code function: | 3_2_04B3DE00 | |
| Source: | Code function: | 3_2_04B37008 | |
| Source: | Code function: | 3_2_04B3D470 | |
| Source: | Code function: | 3_2_04B34478 | |
| Source: | Code function: | 3_2_04B37E60 | |
| Source: | Code function: | 3_2_04B3EC58 | |
| Source: | Code function: | 3_2_04B30040 | |
| Source: | Code function: | 3_2_04B39648 | |
| Source: | Code function: | 3_2_04B31BA0 | |
| Source: | Code function: | 3_2_04B32DA8 | |
| Source: | Code function: | 3_2_04B3CFA8 | |
| Source: | Code function: | 3_2_04B3E790 | |
| Source: | Code function: | 3_2_04B34D98 | |
| Source: | Code function: | 3_2_04B37998 | |
| Source: | Code function: | 3_2_04B39180 | |
| Source: | Code function: | 3_2_04B30DF0 | |
| Source: | Code function: | 3_2_04B387F0 | |
| Source: | Code function: | 3_2_04B31FF8 | |
| Source: | Code function: | 3_2_04B33FE8 | |
| Source: | Code function: | 3_2_04B3F5E8 | |
| Source: | Code function: | 3_2_04B39FD8 | |
| Source: | Code function: | 3_2_04B3B7C0 | |
| Source: | Code function: | 3_2_04B3D938 | |
| Source: | Code function: | 3_2_04B3F120 | |
| Source: | Code function: | 3_2_04B38328 | |
| Source: | Code function: | 3_2_04B31710 | |
| Source: | Code function: | 3_2_04B39B10 | |
| Source: | Code function: | 3_2_04B32918 | |
| Source: | Code function: | 3_2_04B34908 | |
| Source: | Code function: | 3_2_04B30960 | |
| Source: | Code function: | 3_2_04B3A968 | |
| Source: | Code function: | 3_2_04B3C150 | |
| Source: | Code function: | 3_2_04B33B58 | |
| Source: | Code function: | 3_2_04B36B40 | |
| Source: | Code function: | 3_2_04B35B48 | |
| Source: | Code function: | 3_2_04E41CF0 | |
| Source: | Code function: | 3_2_04E40E98 | |
| Source: | Code function: | 3_2_04E40040 | |
| Source: | Code function: | 3_2_04E41828 | |
| Source: | Code function: | 3_2_04E409D0 | |
| Source: | Code function: | 3_2_04E41360 | |
| Source: | Code function: | 3_2_04E40508 | |
| Source: | Code function: | 3_2_379F50C7 | |
| Source: | Code function: | 3_2_379F0A10 | |
| Source: | Code function: | 3_2_379F0A01 | |
| Source: | Code function: | 3_2_379F0D26 | |
| Source: | Code function: | 3_2_38312968 | |
| Source: | Code function: | 3_2_3831D9A8 | |
| Source: | Code function: | 3_2_38312DC8 | |
| Source: | Code function: | 3_2_3831DE00 | |
| Source: | Code function: | 3_2_3831F810 | |
| Source: | Code function: | 3_2_38310040 | |
| Source: | Code function: | 3_2_3831CCA0 | |
| Source: | Code function: | 3_2_3831D0F8 | |
| Source: | Code function: | 3_2_3831310E | |
| Source: | Code function: | 3_2_3831D550 | |
| Source: | Code function: | 3_2_38312DC2 | |
| Source: | Code function: | 3_2_3831E258 | |
| Source: | Code function: | 3_2_3831E6B0 | |
| Source: | Code function: | 3_2_38310B30 | |
| Source: | Code function: | 3_2_38310B30 | |
| Source: | Code function: | 3_2_3831EB08 | |
| Source: | Code function: | 3_2_3831EF60 | |
| Source: | Code function: | 3_2_3831F3B8 | |
Networking | |
|---|
| Source: | DNS query: | ||
| Source: | TCP traffic: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | IP Address: | ||
| Source: | IP Address: | ||
| Source: | IP Address: | ||
| Source: | ASN Name: | ||
| Source: | JA3 fingerprint: | ||
| Source: | JA3 fingerprint: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | TCP traffic: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Code function: | 0_2_0040543E | |
| Source: | Code function: | 0_2_0040336C | |
| Source: | File created: | Jump to behavior | ||
| Source: | Code function: | 0_2_00404C7B | |
| Source: | Code function: | 0_2_6F971B63 | |
| Source: | Code function: | 3_2_00404C7B | |
| Source: | Code function: | 3_2_0015C19B | |
| Source: | Code function: | 3_2_0015D278 | |
| Source: | Code function: | 3_2_00155362 | |
| Source: | Code function: | 3_2_0015C468 | |
| Source: | Code function: | 3_2_0015C738 | |
| Source: | Code function: | 3_2_0015E988 | |
| Source: | Code function: | 3_2_001569A0 | |
| Source: | Code function: | 3_2_001529E0 | |
| Source: | Code function: | 3_2_0015CA08 | |
| Source: | Code function: | 3_2_0015CCD8 | |
| Source: | Code function: | 3_2_00159DE0 | |
| Source: | Code function: | 3_2_0015CFAC | |
| Source: | Code function: | 3_2_00156FC8 | |
| Source: | Code function: | 3_2_0015F974 | |
| Source: | Code function: | 3_2_0015E97C | |
| Source: | Code function: | 3_2_00153E09 | |
| Source: | Code function: | 3_2_04B081D0 | |
| Source: | Code function: | 3_2_04B0E9D8 | |
| Source: | Code function: | 3_2_04B08FB0 | |
| Source: | Code function: | 3_2_04B07B78 | |
| Source: | Code function: | 3_2_04B0C0B7 | |
| Source: | Code function: | 3_2_04B038B8 | |
| Source: | Code function: | 3_2_04B0E0B8 | |
| Source: | Code function: | 3_2_04B0E0A7 | |
| Source: | Code function: | 3_2_04B00498 | |
| Source: | Code function: | 3_2_04B06488 | |
| Source: | Code function: | 3_2_04B008F0 | |
| Source: | Code function: | 3_2_04B0C0C8 | |
| Source: | Code function: | 3_2_04B06030 | |
| Source: | Code function: | 3_2_04B0BC38 | |
| Source: | Code function: | 3_2_04B0DC28 | |
| Source: | Code function: | 3_2_04B0BC2A | |
| Source: | Code function: | 3_2_04B0FC18 | |
| Source: | Code function: | 3_2_04B0DC19 | |
| Source: | Code function: | 3_2_04B03007 | |
| Source: | Code function: | 3_2_04B03008 | |
| Source: | Code function: | 3_2_04B06478 | |
| Source: | Code function: | 3_2_04B03460 | |
| Source: | Code function: | 3_2_04B03450 | |
| Source: | Code function: | 3_2_04B0345F | |
| Source: | Code function: | 3_2_04B00040 | |
| Source: | Code function: | 3_2_04B011A0 | |
| Source: | Code function: | 3_2_04B01190 | |
| Source: | Code function: | 3_2_04B0119F | |
| Source: | Code function: | 3_2_04B015F7 | |
| Source: | Code function: | 3_2_04B015F8 | |
| Source: | Code function: | 3_2_04B0C9E8 | |
| Source: | Code function: | 3_2_04B015E8 | |
| Source: | Code function: | 3_2_04B0C9D8 | |
| Source: | Code function: | 3_2_04B081C0 | |
| Source: | Code function: | 3_2_04B0E9C8 | |
| Source: | Code function: | 3_2_04B0A938 | |
| Source: | Code function: | 3_2_04B0E538 | |
| Source: | Code function: | 3_2_04B0A928 | |
| Source: | Code function: | 3_2_04B0C558 | |
| Source: | Code function: | 3_2_04B00D48 | |
| Source: | Code function: | 3_2_04B0E548 | |
| Source: | Code function: | 3_2_04B0C548 | |
| Source: | Code function: | 3_2_04B01EA7 | |
| Source: | Code function: | 3_2_04B01EA8 | |
| Source: | Code function: | 3_2_04B01E98 | |
| Source: | Code function: | 3_2_04B022F0 | |
| Source: | Code function: | 3_2_04B0D2F7 | |
| Source: | Code function: | 3_2_04B0F2F8 | |
| Source: | Code function: | 3_2_04B022FF | |
| Source: | Code function: | 3_2_04B0F2E7 | |
| Source: | Code function: | 3_2_04B04ED0 | |
| Source: | Code function: | 3_2_04B072C8 | |
| Source: | Code function: | 3_2_04B072CA | |
| Source: | Code function: | 3_2_04B04620 | |
| Source: | Code function: | 3_2_04B04622 | |
| Source: | Code function: | 3_2_04B06A18 | |
| Source: | Code function: | 3_2_04B06A07 | |
| Source: | Code function: | 3_2_04B06E70 | |
| Source: | Code function: | 3_2_04B06E72 | |
| Source: | Code function: | 3_2_04B04A78 | |
| Source: | Code function: | 3_2_04B0CE78 | |
| Source: | Code function: | 3_2_04B0CE67 | |
| Source: | Code function: | 3_2_04B0EE68 | |
| Source: | Code function: | 3_2_04B01A50 | |
| Source: | Code function: | 3_2_04B0EE57 | |
| Source: | Code function: | 3_2_04B01A41 | |
| Source: | Code function: | 3_2_04B01A4F | |
| Source: | Code function: | 3_2_04B02BB0 | |
| Source: | Code function: | 3_2_04B02BA0 | |
| Source: | Code function: | 3_2_04B08FA1 | |
| Source: | Code function: | 3_2_04B0B7A8 | |
| Source: | Code function: | 3_2_04B02BAF | |
| Source: | Code function: | 3_2_04B0D798 | |
| Source: | Code function: | 3_2_04B0B798 | |
| Source: | Code function: | 3_2_04B05780 | |
| Source: | Code function: | 3_2_04B0D787 | |
| Source: | Code function: | 3_2_04B0F788 | |
| Source: | Code function: | 3_2_04B02FF9 | |
| Source: | Code function: | 3_2_04B05BD8 | |
| Source: | Code function: | 3_2_04B05BCA | |
| Source: | Code function: | 3_2_04B07720 | |
| Source: | Code function: | 3_2_04B07722 | |
| Source: | Code function: | 3_2_04B05328 | |
| Source: | Code function: | 3_2_04B0B318 | |
| Source: | Code function: | 3_2_04B02300 | |
| Source: | Code function: | 3_2_04B0B307 | |
| Source: | Code function: | 3_2_04B0D308 | |
| Source: | Code function: | 3_2_04B07B77 | |
| Source: | Code function: | 3_2_04B0F778 | |
| Source: | Code function: | 3_2_04B07B69 | |
| Source: | Code function: | 3_2_04B02757 | |
| Source: | Code function: | 3_2_04B02758 | |
| Source: | Code function: | 3_2_04B02749 | |
| Source: | Code function: | 3_2_04B36678 | |
| Source: | Code function: | 3_2_04B35FD8 | |
| Source: | Code function: | 3_2_04B3FAB0 | |
| Source: | Code function: | 3_2_04B356B8 | |
| Source: | Code function: | 3_2_04B38CB8 | |
| Source: | Code function: | 3_2_04B336B8 | |
| Source: | Code function: | 3_2_04B3E2B8 | |
| Source: | Code function: | 3_2_04B374BF | |
| Source: | Code function: | 3_2_04B3A4A0 | |
| Source: | Code function: | 3_2_04B3FAA0 | |
| Source: | Code function: | 3_2_04B38CA9 | |
| Source: | Code function: | 3_2_04B356A8 | |
| Source: | Code function: | 3_2_04B3A498 | |
| Source: | Code function: | 3_2_04B31280 | |
| Source: | Code function: | 3_2_04B32488 | |
| Source: | Code function: | 3_2_04B3BC88 | |
| Source: | Code function: | 3_2_04B348F7 | |
| Source: | Code function: | 3_2_04B3B2F8 | |
| Source: | Code function: | 3_2_04B316FF | |
| Source: | Code function: | 3_2_04B3CAE0 | |
| Source: | Code function: | 3_2_04B3B2E8 | |
| Source: | Code function: | 3_2_04B3CAD1 | |
| Source: | Code function: | 3_2_04B304D0 | |
| Source: | Code function: | 3_2_04B374D0 | |
| Source: | Code function: | 3_2_04B304C0 | |
| Source: | Code function: | 3_2_04B336C8 | |
| Source: | Code function: | 3_2_04B3E2C8 | |
| Source: | Code function: | 3_2_04B3AE30 | |
| Source: | Code function: | 3_2_04B39637 | |
| Source: | Code function: | 3_2_04B33238 | |
| Source: | Code function: | 3_2_04B35228 | |
| Source: | Code function: | 3_2_04B3322E | |
| Source: | Code function: | 3_2_04B3C612 | |
| Source: | Code function: | 3_2_04B3C618 | |
| Source: | Code function: | 3_2_04B3AE1F | |
| Source: | Code function: | 3_2_04B3521C | |
| Source: | Code function: | 3_2_04B3DE00 | |
| Source: | Code function: | 3_2_04B30006 | |
| Source: | Code function: | 3_2_04B36609 | |
| Source: | Code function: | 3_2_04B37008 | |
| Source: | Code function: | 3_2_04B3D470 | |
| Source: | Code function: | 3_2_04B31270 | |
| Source: | Code function: | 3_2_04B34478 | |
| Source: | Code function: | 3_2_04B32478 | |
| Source: | Code function: | 3_2_04B3BC78 | |
| Source: | Code function: | 3_2_04B37E60 | |
| Source: | Code function: | 3_2_04B3D460 | |
| Source: | Code function: | 3_2_04B34468 | |
| Source: | Code function: | 3_2_04B36668 | |
| Source: | Code function: | 3_2_04B37E50 | |
| Source: | Code function: | 3_2_04B3EC58 | |
| Source: | Code function: | 3_2_04B30040 | |
| Source: | Code function: | 3_2_04B3EC4A | |
| Source: | Code function: | 3_2_04B39648 | |
| Source: | Code function: | 3_2_04B31BA0 | |
| Source: | Code function: | 3_2_04B3CFA6 | |
| Source: | Code function: | 3_2_04B32DA8 | |
| Source: | Code function: | 3_2_04B3CFA8 | |
| Source: | Code function: | 3_2_04B3B7AF | |
| Source: | Code function: | 3_2_04B31B91 | |
| Source: | Code function: | 3_2_04B3E790 | |
| Source: | Code function: | 3_2_04B34D98 | |
| Source: | Code function: | 3_2_04B37998 | |
| Source: | Code function: | 3_2_04B32D9C | |
| Source: | Code function: | 3_2_04B39180 | |
| Source: | Code function: | 3_2_04B34D89 | |
| Source: | Code function: | 3_2_04B37988 | |
| Source: | Code function: | 3_2_04B30DF0 | |
| Source: | Code function: | 3_2_04B387F0 | |
| Source: | Code function: | 3_2_04B3DDF0 | |
| Source: | Code function: | 3_2_04B36FFA | |
| Source: | Code function: | 3_2_04B31FF8 | |
| Source: | Code function: | 3_2_04B30DE0 | |
| Source: | Code function: | 3_2_04B387E0 | |
| Source: | Code function: | 3_2_04B33FE8 | |
| Source: | Code function: | 3_2_04B3F5E8 | |
| Source: | Code function: | 3_2_04B31FE8 | |
| Source: | Code function: | 3_2_04B39FD0 | |
| Source: | Code function: | 3_2_04B3F5D7 | |
| Source: | Code function: | 3_2_04B39FD8 | |
| Source: | Code function: | 3_2_04B33FD8 | |
| Source: | Code function: | 3_2_04B3B7C0 | |
| Source: | Code function: | 3_2_04B35FC7 | |
| Source: | Code function: | 3_2_04B36B30 | |
| Source: | Code function: | 3_2_04B35B39 | |
| Source: | Code function: | 3_2_04B3D938 | |
| Source: | Code function: | 3_2_04B3F120 | |
| Source: | Code function: | 3_2_04B3D927 | |
| Source: | Code function: | 3_2_04B38328 | |
| Source: | Code function: | 3_2_04B3F111 | |
| Source: | Code function: | 3_2_04B31710 | |
| Source: | Code function: | 3_2_04B39B10 | |
| Source: | Code function: | 3_2_04B38319 | |
| Source: | Code function: | 3_2_04B32918 | |
| Source: | Code function: | 3_2_04B39B0A | |
| Source: | Code function: | 3_2_04B34908 | |
| Source: | Code function: | 3_2_04B3290E | |
| Source: | Code function: | 3_2_04B39171 | |
| Source: | Code function: | 3_2_04B3E77F | |
| Source: | Code function: | 3_2_04B30960 | |
| Source: | Code function: | 3_2_04B3A968 | |
| Source: | Code function: | 3_2_04B3C150 | |
| Source: | Code function: | 3_2_04B30950 | |
| Source: | Code function: | 3_2_04B33B58 | |
| Source: | Code function: | 3_2_04B3A958 | |
| Source: | Code function: | 3_2_04B3C142 | |
| Source: | Code function: | 3_2_04B36B40 | |
| Source: | Code function: | 3_2_04B35B48 | |
| Source: | Code function: | 3_2_04B33B4E | |
| Source: | Code function: | 3_2_04B570C0 | |
| Source: | Code function: | 3_2_04B5D710 | |
| Source: | Code function: | 3_2_04B554A0 | |
| Source: | Code function: | 3_2_04B522A0 | |
| Source: | Code function: | 3_2_04B53880 | |
| Source: | Code function: | 3_2_04B50680 | |
| Source: | Code function: | 3_2_04B56A80 | |
| Source: | Code function: | 3_2_04B55AE0 | |
| Source: | Code function: | 3_2_04B528E0 | |
| Source: | Code function: | 3_2_04B53EC0 | |
| Source: | Code function: | 3_2_04B50CC0 | |
| Source: | Code function: | 3_2_04B50036 | |
| Source: | Code function: | 3_2_04B54820 | |
| Source: | Code function: | 3_2_04B51620 | |
| Source: | Code function: | 3_2_04B55E00 | |
| Source: | Code function: | 3_2_04B52C00 | |
| Source: | Code function: | 3_2_04B54E60 | |
| Source: | Code function: | 3_2_04B51C60 | |
| Source: | Code function: | 3_2_04B56440 | |
| Source: | Code function: | 3_2_04B53240 | |
| Source: | Code function: | 3_2_04B50040 | |
| Source: | Code function: | 3_2_04B5EE48 | |
| Source: | Code function: | 3_2_04B56DA0 | |
| Source: | Code function: | 3_2_04B53BA0 | |
| Source: | Code function: | 3_2_04B509A0 | |
| Source: | Code function: | 3_2_04B55180 | |
| Source: | Code function: | 3_2_04B51F80 | |
| Source: | Code function: | 3_2_04B541E0 | |
| Source: | Code function: | 3_2_04B50FE0 | |
| Source: | Code function: | 3_2_04B541D0 | |
| Source: | Code function: | 3_2_04B557C0 | |
| Source: | Code function: | 3_2_04B525C0 | |
| Source: | Code function: | 3_2_04B599C8 | |
| Source: | Code function: | 3_2_04B56120 | |
| Source: | Code function: | 3_2_04B52F20 | |
| Source: | Code function: | 3_2_04B54500 | |
| Source: | Code function: | 3_2_04B51300 | |
| Source: | Code function: | 3_2_04B56760 | |
| Source: | Code function: | 3_2_04B53560 | |
| Source: | Code function: | 3_2_04B50360 | |
| Source: | Code function: | 3_2_04B50350 | |
| Source: | Code function: | 3_2_04B56750 | |
| Source: | Code function: | 3_2_04B54B40 | |
| Source: | Code function: | 3_2_04B51940 | |
| Source: | Code function: | 3_2_04B59740 | |
| Source: | Code function: | 3_2_04E41CF0 | |
| Source: | Code function: | 3_2_04E48470 | |
| Source: | Code function: | 3_2_04E4FB30 | |
| Source: | Code function: | 3_2_04E41CE0 | |
| Source: | Code function: | 3_2_04E4F4F0 | |
| Source: | Code function: | 3_2_04E490F0 | |
| Source: | Code function: | 3_2_04E4C2F0 | |
| Source: | Code function: | 3_2_04E404FA | |
| Source: | Code function: | 3_2_04E4D8D0 | |
| Source: | Code function: | 3_2_04E4A6D0 | |
| Source: | Code function: | 3_2_04E4BCB0 | |
| Source: | Code function: | 3_2_04E48AB0 | |
| Source: | Code function: | 3_2_04E4EEB0 | |
| Source: | Code function: | 3_2_04E40E8B | |
| Source: | Code function: | 3_2_04E4A090 | |
| Source: | Code function: | 3_2_04E4D290 | |
| Source: | Code function: | 3_2_04E40E98 | |
| Source: | Code function: | 3_2_04E4E870 | |
| Source: | Code function: | 3_2_04E4B670 | |
| Source: | Code function: | 3_2_04E4A07F | |
| Source: | Code function: | 3_2_04E40040 | |
| Source: | Code function: | 3_2_04E4CC41 | |
| Source: | Code function: | 3_2_04E49A50 | |
| Source: | Code function: | 3_2_04E4CC50 | |
| Source: | Code function: | 3_2_04E41828 | |
| Source: | Code function: | 3_2_04E4B030 | |
| Source: | Code function: | 3_2_04E4E230 | |
| Source: | Code function: | 3_2_04E41817 | |
| Source: | Code function: | 3_2_04E4C610 | |
| Source: | Code function: | 3_2_04E49410 | |
| Source: | Code function: | 3_2_04E4F810 | |
| Source: | Code function: | 3_2_04E4001A | |
| Source: | Code function: | 3_2_04E4DBF0 | |
| Source: | Code function: | 3_2_04E4A9F0 | |
| Source: | Code function: | 3_2_04E4F1D0 | |
| Source: | Code function: | 3_2_04E409D0 | |
| Source: | Code function: | 3_2_04E48DD0 | |
| Source: | Code function: | 3_2_04E4BFD0 | |
| Source: | Code function: | 3_2_04E4D5B0 | |
| Source: | Code function: | 3_2_04E4A3B0 | |
| Source: | Code function: | 3_2_04E409BF | |
| Source: | Code function: | 3_2_04E4B990 | |
| Source: | Code function: | 3_2_04E48790 | |
| Source: | Code function: | 3_2_04E4EB90 | |
| Source: | Code function: | 3_2_04E41360 | |
| Source: | Code function: | 3_2_04E43360 | |
| Source: | Code function: | 3_2_04E49D70 | |
| Source: | Code function: | 3_2_04E4CF70 | |
| Source: | Code function: | 3_2_04E4E550 | |
| Source: | Code function: | 3_2_04E4B350 | |
| Source: | Code function: | 3_2_04E41351 | |
| Source: | Code function: | 3_2_04E4C930 | |
| Source: | Code function: | 3_2_04E49730 | |
| Source: | Code function: | 3_2_04E40508 | |
| Source: | Code function: | 3_2_04E4AD10 | |
| Source: | Code function: | 3_2_04E4DF10 | |
| Source: | Code function: | 3_2_379F0D88 | |
| Source: | Code function: | 3_2_379F5CB6 | |
| Source: | Code function: | 3_2_379F3FB2 | |
| Source: | Code function: | 3_2_379F36F0 | |
| Source: | Code function: | 3_2_379F3008 | |
| Source: | Code function: | 3_2_379F2238 | |
| Source: | Code function: | 3_2_379F2920 | |
| Source: | Code function: | 3_2_379F1B50 | |
| Source: | Code function: | 3_2_379F1470 | |
| Source: | Code function: | 3_2_379F2FF8 | |
| Source: | Code function: | 3_2_379F36E1 | |
| Source: | Code function: | 3_2_379F2911 | |
| Source: | Code function: | 3_2_379F0A10 | |
| Source: | Code function: | 3_2_379F0006 | |
| Source: | Code function: | 3_2_379F0A01 | |
| Source: | Code function: | 3_2_379F1B3F | |
| Source: | Code function: | 3_2_379F2229 | |
| Source: | Code function: | 3_2_379F0040 | |
| Source: | Code function: | 3_2_379F0D78 | |
| Source: | Code function: | 3_2_379F1460 | |
| Source: | Code function: | 3_2_38315028 | |
| Source: | Code function: | 3_2_3831FC68 | |
| Source: | Code function: | 3_2_38312968 | |
| Source: | Code function: | 3_2_3831D9A8 | |
| Source: | Code function: | 3_2_3831DE00 | |
| Source: | Code function: | 3_2_38311E80 | |
| Source: | Code function: | 3_2_38319328 | |
| Source: | Code function: | 3_2_383117A0 | |
| Source: | Code function: | 3_2_38315020 | |
| Source: | Code function: | 3_2_3831F810 | |
| Source: | Code function: | 3_2_38310012 | |
| Source: | Code function: | 3_2_38319C18 | |
| Source: | Code function: | 3_2_38310040 | |
| Source: | Code function: | 3_2_3831CCA0 | |
| Source: | Code function: | 3_2_3831D0F8 | |
| Source: | Code function: | 3_2_3831D550 | |
| Source: | Code function: | 3_2_38319548 | |
| Source: | Code function: | 3_2_3831D999 | |
| Source: | Code function: | 3_2_3831DDF1 | |
| Source: | Code function: | 3_2_3831DDFF | |
| Source: | Code function: | 3_2_38311E70 | |
| Source: | Code function: | 3_2_3831E257 | |
| Source: | Code function: | 3_2_3831E258 | |
| Source: | Code function: | 3_2_3831E24A | |
| Source: | Code function: | 3_2_3831E6B0 | |
| Source: | Code function: | 3_2_3831E6A0 | |
| Source: | Code function: | 3_2_3831E6AF | |
| Source: | Code function: | 3_2_38310B30 | |
| Source: | Code function: | 3_2_38310B20 | |
| Source: | Code function: | 3_2_3831EB08 | |
| Source: | Code function: | 3_2_3831EF60 | |
| Source: | Code function: | 3_2_3831EF51 | |
| Source: | Code function: | 3_2_3831F3B8 | |
| Source: | Code function: | 3_2_38318BA0 | |
| Source: | Code function: | 3_2_3831C3AE | |
| Source: | Code function: | 3_2_38318B91 | |
| Source: | Code function: | 3_2_3831178F | |
| Source: | Code function: | ||
| Source: | Binary or memory string: | ||
| Source: | Static PE information: | ||
| Source: | Classification label: | ||
| Source: | Code function: | 0_2_0040336C | |
| Source: | Code function: | 0_2_004046FF | |
| Source: | Code function: | 0_2_00402104 | |
| Source: | File created: | Jump to behavior | ||
| Source: | Mutant created: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Virustotal: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Static PE information: | ||
Data Obfuscation | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | Code function: | 0_2_6F971B63 | |
| Source: | Code function: | 0_2_6F972FFE | |
| Source: | Code function: | 3_2_004020F2 | |
| Source: | Code function: | 3_2_00159D55 | |
| Source: | File created: | Jump to dropped file | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion | |
|---|
| Source: | API/Special instruction interceptor: | ||
| Source: | API/Special instruction interceptor: | ||
| Source: | RDTSC instruction interceptor: | ||
| Source: | RDTSC instruction interceptor: | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Thread sleep count: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep count: | Jump to behavior | ||
| Source: | Thread sleep count: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Code function: | 0_2_004065DA | |
| Source: | Code function: | 0_2_004059A9 | |
| Source: | Code function: | 0_2_00402868 | |
| Source: | Code function: | 3_2_00402868 | |
| Source: | Code function: | 3_2_004065DA | |
| Source: | Code function: | 3_2_004059A9 | |
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | API call chain: | graph_0-4365 | ||
| Source: | API call chain: | graph_0-4518 | ||
| Source: | Code function: | 0_2_6F971B63 | |
| Source: | Process token adjusted: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Code function: | 0_2_0040336C | |
| Source: | Key value queried: | Jump to behavior | ||
Stealing of Sensitive Information | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | File source: | ||
| Source: | File source: | ||
Remote Access Functionality | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | 1 OS Credential Dumping | 2 File and Directory Discovery | Remote Services | 1 Archive Collected Data | 1 Web Service | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Access Token Manipulation | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 215 System Information Discovery | Remote Desktop Protocol | 1 Data from Local System | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 11 Process Injection | 3 Obfuscated Files or Information | Security Account Manager | 21 Security Software Discovery | SMB/Windows Admin Shares | 1 Email Collection | 11 Encrypted Channel | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 31 Virtualization/Sandbox Evasion | Distributed Component Object Model | 1 Clipboard Data | 1 Non-Standard Port | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 11 Masquerading | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | 3 Non-Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 31 Virtualization/Sandbox Evasion | Cached Domain Credentials | 1 System Network Configuration Discovery | VNC | GUI Input Capture | 24 Application Layer Protocol | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Access Token Manipulation | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 11 Process Injection | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 46% | Virustotal | Browse | ||
| 100% | Joe Sandbox ML |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 3% | ReversingLabs |
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 4% | Virustotal | Browse |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| mertvinc.com.tr | 185.244.144.68 | true | false | high | |
| reallyfreegeoip.org | 172.67.177.134 | true | false | high | |
| mail.cipmach.com | 199.79.63.24 | true | true |
| unknown |
| api.telegram.org | 149.154.167.220 | true | false | high | |
| checkip.dyndns.com | 193.122.130.0 | true | false | high | |
| checkip.dyndns.org | unknown | unknown | false | high |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| false |
| unknown | |
| false | high | ||
| false | high | ||
| false | high |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false | high | |||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 149.154.167.220 | api.telegram.org | United Kingdom | 62041 | TELEGRAMRU | false | |
| 185.244.144.68 | mertvinc.com.tr | Turkey | 199608 | BIRBIRTR | false | |
| 199.79.63.24 | mail.cipmach.com | United States | 394695 | PUBLIC-DOMAIN-REGISTRYUS | true | |
| 193.122.130.0 | checkip.dyndns.com | United States | 31898 | ORACLE-BMC-31898US | false | |
| 172.67.177.134 | reallyfreegeoip.org | United States | 13335 | CLOUDFLARENETUS | false |
| Joe Sandbox version: | 41.0.0 Charoite |
| Analysis ID: | 1562047 |
| Start date and time: | 2024-11-25 07:07:07 +01:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 7m 23s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 5 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | Shave.exe |
| Detection: | MAL |
| Classification: | mal100.troj.spyw.evad.winEXE@3/5@7/5 |
| EGA Information: |
|
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Execution Graph export aborted for target Shave.exe, PID 7044 because it is empty
- Report size exceeded maximum capacity and may have missing disassembly code.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
| Time | Type | Description |
|---|---|---|
| 01:08:50 | API Interceptor |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 149.154.167.220 | Get hash | malicious | GuLoader, Snake Keylogger | Browse | ||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse | |||
| Get hash | malicious | AgentTesla | Browse | |||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
| Get hash | malicious | XWorm | Browse | |||
| Get hash | malicious | XWorm | Browse | |||
| Get hash | malicious | LummaC Stealer | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | MassLogger RAT | Browse | |||
| Get hash | malicious | Amadey, XWorm | Browse | |||
| 185.244.144.68 | Get hash | malicious | Discord Token Stealer, GuLoader | Browse |
| |
| Get hash | malicious | GuLoader | Browse |
| ||
| Get hash | malicious | Azorult, GuLoader | Browse |
| ||
| Get hash | malicious | GuLoader | Browse |
| ||
| Get hash | malicious | GuLoader | Browse |
| ||
| Get hash | malicious | GuLoader | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Azorult, GuLoader | Browse |
| ||
| 199.79.63.24 | Get hash | malicious | HTMLPhisher | Browse | ||
| Get hash | malicious | HTMLPhisher | Browse | |||
| 193.122.130.0 | Get hash | malicious | PureLog Stealer, Snake Keylogger | Browse |
| |
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse |
| ||
| Get hash | malicious | VIP Keylogger | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| checkip.dyndns.com | Get hash | malicious | PureLog Stealer, Snake Keylogger | Browse |
| |
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | PureLog Stealer, Snake Keylogger | Browse |
| ||
| mertvinc.com.tr | Get hash | malicious | Discord Token Stealer, GuLoader | Browse |
| |
| Get hash | malicious | GuLoader | Browse |
| ||
| Get hash | malicious | Azorult, GuLoader | Browse |
| ||
| Get hash | malicious | GuLoader | Browse |
| ||
| Get hash | malicious | GuLoader | Browse |
| ||
| Get hash | malicious | GuLoader | Browse |
| ||
| Get hash | malicious | GuLoader | Browse |
| ||
| Get hash | malicious | GuLoader | Browse |
| ||
| Get hash | malicious | GuLoader | Browse |
| ||
| Get hash | malicious | GuLoader | Browse |
| ||
| api.telegram.org | Get hash | malicious | Snake Keylogger | Browse |
| |
| Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | XWorm | Browse |
| ||
| Get hash | malicious | XWorm | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| reallyfreegeoip.org | Get hash | malicious | PureLog Stealer, Snake Keylogger | Browse |
| |
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | PureLog Stealer, Snake Keylogger | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| BIRBIRTR | Get hash | malicious | Discord Token Stealer, GuLoader | Browse |
| |
| Get hash | malicious | GuLoader | Browse |
| ||
| Get hash | malicious | Azorult, GuLoader | Browse |
| ||
| Get hash | malicious | GuLoader | Browse |
| ||
| Get hash | malicious | GuLoader | Browse |
| ||
| Get hash | malicious | GuLoader | Browse |
| ||
| Get hash | malicious | GuLoader | Browse |
| ||
| Get hash | malicious | GuLoader | Browse |
| ||
| Get hash | malicious | GuLoader | Browse |
| ||
| Get hash | malicious | GuLoader | Browse |
| ||
| TELEGRAMRU | Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| |
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | XWorm | Browse |
| ||
| Get hash | malicious | XWorm | Browse |
| ||
| Get hash | malicious | Stealc, Vidar | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| PUBLIC-DOMAIN-REGISTRYUS | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 54328bd36c14bd82ddaa0c04b25ed9ad | Get hash | malicious | PureLog Stealer, Snake Keylogger | Browse |
| |
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | Amadey, Credential Flusher, Cryptbot, JasonRAT, LummaC Stealer, Stealc, Vidar | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| 3b5074b1b5d032e5620f69f9f700ff0e | Get hash | malicious | LummaC Stealer | Browse |
| |
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | Binder HackTool, Quasar | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Remcos, GuLoader | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| C:\Users\user\AppData\Local\Temp\nsa5D43.tmp\System.dll | Get hash | malicious | Discord Token Stealer, GuLoader | Browse | ||
| Get hash | malicious | GuLoader | Browse | |||
| Get hash | malicious | GuLoader, Snake Keylogger | Browse | |||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse | |||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse | |||
| Get hash | malicious | GuLoader, Snake Keylogger | Browse | |||
| Get hash | malicious | GuLoader | Browse | |||
| Get hash | malicious | GuLoader | Browse | |||
| Get hash | malicious | GuLoader | Browse | |||
| Get hash | malicious | GuLoader | Browse |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\bayberry\krselsretningerne\Dacryocystitis.Sku69
Download File
| Process: | C:\Users\user\Desktop\Shave.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 426485 |
| Entropy (8bit): | 6.941782967507925 |
| Encrypted: | false |
| SSDEEP: | 12288:XSqP0nz1acv+IypUi2YgJEI9fXsnAW8svlsAcyEZHT:XSqP0nz1acv+IypUi2Y81BXs0YsA7aT |
| MD5: | 2A58FD1E922CDF96470BA55FBE42B1DF |
| SHA1: | E92E2EF16C14279E19A91C017665338048044A1C |
| SHA-256: | 16CE17CFD5B53B1998B6E70E6BEBD375EB1425434A63B81FD299D0C3228FB478 |
| SHA-512: | DA35D40463348E17CEA2E8444F64323C2AFB5621BFBDA27F88C24E29A9B04E2A2C67F1AF99510A6AB01A83A3E7A333E304B06C6DF98DEE0BE8BDB52E34BF5FE1 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\bayberry\krselsretningerne\Sipunculoidea.ude
Download File
| Process: | C:\Users\user\Desktop\Shave.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 286686 |
| Entropy (8bit): | 1.2536158727628404 |
| Encrypted: | false |
| SSDEEP: | 768:3zbnVKpXfwz53wppkaub35azZSECekyln9KUXjJrv5YQ1ujVNDYb3ezsIhWCUiSL:KH4hI9iE3sLB9pXYzlkOYFWf9 |
| MD5: | 99A5E2E2953D0374F1E23FF8B0B6773F |
| SHA1: | 5FC3F9C3638DD60012AB2F2ECDD016912BBDB9F3 |
| SHA-256: | 3D1233CB89AD10CCC6972697279A3741F6031E05D32738E9B34D37A230C0F84A |
| SHA-512: | 1B002C12EAB187B0246483C5F3B0758DC84BCC884E1120A17B0412DFD349972DB5DA04E154AE21D405BA33BBD0C29AADFA7D1BF4D50347146D6DFCCBBD8DA94A |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\bayberry\krselsretningerne\moccasins.ved
Download File
| Process: | C:\Users\user\Desktop\Shave.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 73531 |
| Entropy (8bit): | 1.2569404898190384 |
| Encrypted: | false |
| SSDEEP: | 384:dVICOgr5CpPXeGASSCorJvHtPvpwqcQ+5pPZg71l4oLuZK52Oc410+RaL7VomsEa:dVcPX7U1R9mPZgx1hn32+emD40rd |
| MD5: | 22148562A5A87FF1BECCAE5E77D87142 |
| SHA1: | D1B04F09ACFC146855AA02A8C530AA8A45DF3F24 |
| SHA-256: | B09EF713D0920E9671DA35332C6DAE7C1E12BE409A7077D6CA3E07938F9C08E9 |
| SHA-512: | 3F96B2ABED75C8EA941E45BB3835EF4D5FC92C5C5F829A738641FD398D88BB838E7C22A0F5F998BF387A5CE4ADC77EECAA049BCFB1A9ADD476871C871D58E811 |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\bayberry\krselsretningerne\sporostrote.dip
Download File
| Process: | C:\Users\user\Desktop\Shave.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 220203 |
| Entropy (8bit): | 1.262001836842358 |
| Encrypted: | false |
| SSDEEP: | 768:EBCX3JLNVpAeI+EgywY0Szqqv3ib1RuU7thllrhAKF3+O1jaJgMH8JHuHR6qTSIT:EkLjwqF1z1MoqyH |
| MD5: | F8A828CA56113806A25802FF2AF74282 |
| SHA1: | B016C4258BD1F9A19989E0C6B7AB993ED02DF96F |
| SHA-256: | 95941451FFB946693877FBD721001ACC32FE70D75EA68CAB1756B3ADF77DCFF4 |
| SHA-512: | 6725AA09040FAC962CCFF2EF9897FB6F3F3706FE60D8C55A69CB9E0C21362B3C8C186C573D647C0A50438686D6035361A4A20138C451E641D507BD1218D1E079 |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
| Process: | C:\Users\user\Desktop\Shave.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 11776 |
| Entropy (8bit): | 5.890541747176257 |
| Encrypted: | false |
| SSDEEP: | 192:X24sihno0bW+l97H4GB7QDs91kMtwtobTr4u+QHbazMNHT7dmNIEr:m8vJl97JeoxtN/r3z7YV |
| MD5: | 75ED96254FBF894E42058062B4B4F0D1 |
| SHA1: | 996503F1383B49021EB3427BC28D13B5BBD11977 |
| SHA-256: | A632D74332B3F08F834C732A103DAFEB09A540823A2217CA7F49159755E8F1D7 |
| SHA-512: | 58174896DB81D481947B8745DAFE3A02C150F3938BB4543256E8CCE1145154E016D481DF9FE68DAC6D48407C62CBE20753320EBD5FE5E84806D07CE78E0EB0C4 |
| Malicious: | false |
| Antivirus: |
|
| Joe Sandbox View: |
|
| Reputation: | moderate, very likely benign file |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.735301237874728 |
| TrID: |
|
| File name: | Shave.exe |
| File size: | 549'424 bytes |
| MD5: | 51000c141b602569cf44b0f8bec9ecb8 |
| SHA1: | d7b819dbc26b3e66c99d233c5c7fc86492e626dd |
| SHA256: | 5b19a26d6e86bbcd6d454baee6ae7c77f1c4ca6017ad965eb79098308346f383 |
| SHA512: | 8b38516298e15002a228424f926552b9abc06fb7fb0da94d78a48fea4c0a861fc5bdbcdf9db733f9644a480b4099d237cd70531b8afa11879562d71dd7ee2283 |
| SSDEEP: | 6144:9lgvTRHy2nGlwzQ7LA+CB+f6tb9PTPgN++6aCUYvIRN3JGrYJfXvk0OFP2lmBLoE:32EI+CnhxC+JaWSRlXMPL6TEHmd3ZhZ8 |
| TLSH: | 0FC4E051F15DE8E7F51B26B18C7ED5301497AA6C95AC420E32AA361A64F335310AFF0F |
| File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........!`G.@...@...@../OQ..@...@..I@../OS..@...c>..@..+F...@..Rich.@..........................PE..L.....oZ.................d....:.... |
 | |
| Icon Hash: | 38206a6a62666429 |
| Entrypoint: | 0x40336c |
| Entrypoint Section: | .text |
| Digitally signed: | false |
| Imagebase: | 0x400000 |
| Subsystem: | windows gui |
| Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
| DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
| Time Stamp: | 0x5A6FED1F [Tue Jan 30 03:57:19 2018 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 4 |
| OS Version Minor: | 0 |
| File Version Major: | 4 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 4 |
| Subsystem Version Minor: | 0 |
| Import Hash: | b34f154ec913d2d2c435cbd644e91687 |
| Instruction |
|---|
| sub esp, 000002D4h |
| push ebx |
| push esi |
| push edi |
| push 00000020h |
| pop edi |
| xor ebx, ebx |
| push 00008001h |
| mov dword ptr [esp+14h], ebx |
| mov dword ptr [esp+10h], 0040A2E0h |
| mov dword ptr [esp+1Ch], ebx |
| call dword ptr [004080A8h] |
| call dword ptr [004080A4h] |
| and eax, BFFFFFFFh |
| cmp ax, 00000006h |
| mov dword ptr [007A8A2Ch], eax |
| je 00007FEFB87ECCF3h |
| push ebx |
| call 00007FEFB87EFFA5h |
| cmp eax, ebx |
| je 00007FEFB87ECCE9h |
| push 00000C00h |
| call eax |
| mov esi, 004082B0h |
| push esi |
| call 00007FEFB87EFF1Fh |
| push esi |
| call dword ptr [00408150h] |
| lea esi, dword ptr [esi+eax+01h] |
| cmp byte ptr [esi], 00000000h |
| jne 00007FEFB87ECCCCh |
| push 0000000Ah |
| call 00007FEFB87EFF78h |
| push 00000008h |
| call 00007FEFB87EFF71h |
| push 00000006h |
| mov dword ptr [007A8A24h], eax |
| call 00007FEFB87EFF65h |
| cmp eax, ebx |
| je 00007FEFB87ECCF1h |
| push 0000001Eh |
| call eax |
| test eax, eax |
| je 00007FEFB87ECCE9h |
| or byte ptr [007A8A2Fh], 00000040h |
| push ebp |
| call dword ptr [00408044h] |
| push ebx |
| call dword ptr [004082A0h] |
| mov dword ptr [007A8AF8h], eax |
| push ebx |
| lea eax, dword ptr [esp+34h] |
| push 000002B4h |
| push eax |
| push ebx |
| push 0079FEE0h |
| call dword ptr [00408188h] |
| push 0040A2C8h |
| Programming Language: |
|
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x84fc | 0xa0 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x3c7000 | 0x17000 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x6400 | 0x6400 | eed0986138e3ef22dbb386f4760a55c0 | False | 0.6783203125 | data | 6.511089687733535 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x8000 | 0x138e | 0x1400 | 2914bac53cd4485c9822093463e4eea6 | False | 0.4509765625 | data | 5.146454805063938 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0xa000 | 0x39eb38 | 0x600 | 09e0c528682cd2747c63b7ba39c2cc23 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .ndata | 0x3a9000 | 0x1e000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x3c7000 | 0x17000 | 0x17000 | c8f8279129ad38fd03ee7b50a97e5aea | False | 0.21903659986413043 | data | 5.096977274603887 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_BITMAP | 0x3c7388 | 0x368 | Device independent bitmap graphic, 96 x 16 x 4, image size 768 | English | United States | 0.23623853211009174 |
| RT_ICON | 0x3c76f0 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | English | United States | 0.16976221459836743 |
| RT_ICON | 0x3d7f18 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.32863070539419087 |
| RT_ICON | 0x3da4c0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.42424953095684803 |
| RT_ICON | 0x3db568 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | United States | 0.30730277185501065 |
| RT_ICON | 0x3dc410 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.32445848375451264 |
| RT_ICON | 0x3dccb8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | United States | 0.2579479768786127 |
| RT_ICON | 0x3dd220 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.6374113475177305 |
| RT_DIALOG | 0x3dd688 | 0x144 | data | English | United States | 0.5216049382716049 |
| RT_DIALOG | 0x3dd7d0 | 0x13c | data | English | United States | 0.5506329113924051 |
| RT_DIALOG | 0x3dd910 | 0x100 | data | English | United States | 0.5234375 |
| RT_DIALOG | 0x3dda10 | 0x11c | data | English | United States | 0.6056338028169014 |
| RT_DIALOG | 0x3ddb30 | 0xc4 | data | English | United States | 0.5918367346938775 |
| RT_DIALOG | 0x3ddbf8 | 0x60 | data | English | United States | 0.7291666666666666 |
| RT_GROUP_ICON | 0x3ddc58 | 0x68 | data | English | United States | 0.7211538461538461 |
| RT_MANIFEST | 0x3ddcc0 | 0x33e | XML 1.0 document, ASCII text, with very long lines (830), with no line terminators | English | United States | 0.5542168674698795 |
| DLL | Import |
|---|---|
| KERNEL32.dll | SetEnvironmentVariableW, SetFileAttributesW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, SetCurrentDirectoryW, GetFileAttributesW, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, GetVersion, SetErrorMode, lstrlenW, lstrcpynW, GetDiskFreeSpaceW, ExitProcess, GetShortPathNameW, CreateThread, GetLastError, CreateDirectoryW, CreateProcessW, RemoveDirectoryW, lstrcmpiA, CreateFileW, GetTempFileNameW, WriteFile, lstrcpyA, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, lstrcmpiW, MoveFileW, GetFullPathNameW, SetFileTime, SearchPathW, CompareFileTime, lstrcmpW, CloseHandle, ExpandEnvironmentStringsW, GlobalFree, GlobalLock, GlobalUnlock, GlobalAlloc, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, lstrlenA, MulDiv, MultiByteToWideChar, WideCharToMultiByte, GetPrivateProfileStringW, WritePrivateProfileStringW, FreeLibrary, LoadLibraryExW, GetModuleHandleW |
| USER32.dll | GetSystemMenu, SetClassLongW, EnableMenuItem, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, ScreenToClient, GetWindowRect, GetDlgItem, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, GetDC, SetTimer, SetWindowTextW, LoadImageW, SetForegroundWindow, ShowWindow, IsWindow, SetWindowLongW, FindWindowExW, TrackPopupMenu, AppendMenuW, CreatePopupMenu, EndPaint, CreateDialogParamW, SendMessageTimeoutW, wsprintfW, PostQuitMessage |
| GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor |
| SHELL32.dll | SHGetSpecialFolderLocation, ShellExecuteExW, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, SHFileOperationW |
| ADVAPI32.dll | AdjustTokenPrivileges, RegCreateKeyExW, RegOpenKeyExW, SetFileSecurityW, OpenProcessToken, LookupPrivilegeValueW, RegEnumValueW, RegDeleteKeyW, RegDeleteValueW, RegCloseKey, RegSetValueExW, RegQueryValueExW, RegEnumKeyW |
| COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy |
| ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance |
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | United States |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-11-25T07:08:42.598864+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.5 | 49751 | 185.244.144.68 | 80 | TCP |
| 2024-11-25T07:08:49.051470+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49757 | 193.122.130.0 | 80 | TCP |
| 2024-11-25T07:08:51.707734+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49757 | 193.122.130.0 | 80 | TCP |
| 2024-11-25T07:08:53.389422+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 49777 | 172.67.177.134 | 443 | TCP |
| 2024-11-25T07:08:57.145241+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49779 | 193.122.130.0 | 80 | TCP |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Nov 25, 2024 07:08:41.047117949 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:41.166784048 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:41.166865110 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:41.167156935 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:41.286597013 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:42.598359108 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:42.598864079 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:42.598884106 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:42.598901987 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:42.598913908 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:42.598927021 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:42.599013090 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:42.599153042 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:42.599208117 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:42.599217892 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:42.599289894 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:42.599359989 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:42.599371910 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:42.599431038 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:42.718547106 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:42.718559980 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:42.718651056 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:42.728070974 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:42.728158951 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:42.728193998 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:42.728271008 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:42.730550051 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:42.730576038 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:42.730622053 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:42.809710979 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:42.809844017 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:42.810019970 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:42.813602924 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:42.813654900 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:42.813762903 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:42.821976900 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:42.822093010 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:42.822153091 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:42.822232962 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:42.830359936 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:42.830468893 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:42.830518961 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:42.830609083 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:42.838726044 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:42.838789940 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:42.838825941 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:42.838881016 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:42.847086906 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:42.847196102 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:42.847204924 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:42.847284079 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:42.855458021 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:42.855532885 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:42.855566978 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:42.855679035 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:42.863096952 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:42.863166094 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:42.863193035 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:42.863249063 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:42.870773077 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:42.870835066 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:42.870846987 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:42.871037960 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:42.878473043 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:42.878567934 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:42.938560963 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:42.938646078 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:42.938697100 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:42.938755989 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:42.942394018 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:42.942457914 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:42.942497015 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:42.942573071 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:42.950011015 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:42.950078964 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.019999027 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.020138025 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.020148039 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.020279884 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.022531033 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.022639990 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.022707939 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.027667046 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.027755022 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.027803898 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.027863979 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.032696009 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.032769918 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.032769918 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.032825947 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.037673950 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.037875891 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.037961960 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.042790890 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.042951107 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.043044090 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.047836065 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.047933102 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.048027992 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.052881956 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.052998066 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.053105116 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.058166027 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.058363914 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.058439970 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.062962055 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.063250065 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.063345909 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.068084002 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.068173885 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.068258047 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.073156118 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.073282003 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.073286057 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.073349953 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.077855110 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.077991962 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.078077078 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.082595110 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.082616091 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.082722902 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.087443113 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.087615013 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.087707043 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.092152119 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.092237949 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.092331886 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.096875906 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.096905947 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.097002029 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.101512909 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.104796886 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.149189949 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.149327993 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.149405956 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.151576042 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.151640892 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.151707888 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.151812077 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.156364918 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.156476021 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.156548023 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.161026955 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.161092997 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.161158085 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.165811062 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.165908098 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.165966988 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.170516968 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.172771931 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.230423927 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.230520964 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.230550051 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.230628014 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.231918097 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.231985092 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.231992006 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.232053995 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.235162020 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.235229969 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.235279083 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.235363007 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.237958908 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.238038063 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.238081932 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.238136053 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.241003036 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.241070032 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.241209984 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.241257906 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.244062901 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.244147062 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.244174957 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.244252920 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.247061968 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.247119904 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.247165918 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.247211933 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.250088930 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.250145912 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.250189066 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.250230074 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.253134012 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.253196955 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.253252029 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.253315926 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.256169081 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.256190062 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.256217957 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.256243944 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.259144068 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.259308100 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.259337902 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.259368896 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.262207985 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.262258053 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.262309074 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.262482882 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.265189886 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.265244007 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.265326977 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.265383959 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.268256903 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.268309116 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.268733978 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.268788099 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.271230936 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.271281958 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.271358013 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.271405935 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.274446011 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.274502993 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.274594069 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.274652958 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.277288914 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.277353048 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.277400017 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.277446032 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.280066967 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.280117989 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.280163050 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.280214071 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.282669067 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.282723904 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.282839060 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.282892942 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.285259962 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.285280943 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.285336018 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.285336971 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.288424969 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.288481951 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.288566113 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.288626909 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.290369034 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.290424109 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.290503025 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.290549994 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.292871952 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.292932987 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.292942047 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.292989016 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.295357943 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.295417070 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.295454979 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.295504093 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.297882080 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.297935009 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.360733032 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.360796928 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.360908031 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.361984968 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.362085104 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.362405062 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.362483025 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.362531900 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.362597942 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.364943027 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.365039110 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.365066051 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.365117073 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.367472887 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.367542028 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.367578983 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.367645979 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.369988918 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.370069981 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.370111942 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.370182037 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.372560978 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.372608900 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.372636080 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.372668028 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.375060081 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.375135899 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.375174046 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.375232935 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.377551079 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.377619982 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.377662897 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.377741098 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.380080938 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.380161047 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.380162001 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.380214930 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.382599115 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.382679939 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.399923086 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.400022984 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.400070906 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.400132895 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.441131115 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.441204071 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.441245079 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.441287041 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.441859961 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.441931963 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.441971064 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.442034960 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.443670034 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.443734884 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.443790913 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.443845987 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.445493937 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.445563078 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.445600033 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.445657015 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.447335958 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.447403908 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.447441101 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.447505951 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.449142933 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.449202061 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.449269056 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.449326038 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.450963020 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.451020002 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.451097965 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.451160908 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.452822924 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.452879906 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.452925920 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.452997923 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.454633951 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.454700947 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.454740047 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.454802990 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.456420898 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.456490040 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.456582069 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.456633091 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.458240032 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.458329916 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.458332062 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.458390951 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.460078955 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.460165024 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.460170984 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.460225105 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.461879969 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.461951971 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.461991072 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.462063074 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.463706017 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.463774920 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.463807106 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.463879108 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.465528011 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.465596914 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.465643883 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.465708971 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.467462063 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.467511892 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.467673063 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.467730999 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.469217062 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.469269991 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.469357014 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.469409943 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.470999002 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.471056938 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.471091986 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.471142054 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.473058939 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.473124027 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.473201036 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.473252058 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.474663019 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.474730015 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.474767923 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.474839926 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.476454020 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.476514101 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.476555109 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.476619005 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.478286982 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.478346109 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.478390932 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.478441954 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.480101109 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.480159998 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.480169058 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.480212927 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.481887102 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.481952906 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.482074022 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.482122898 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.483741045 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.483803034 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.483876944 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.483930111 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.485584021 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.485649109 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.485677004 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.485728979 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.487369061 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.487436056 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.487473011 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.487519026 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.489214897 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.489283085 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.489343882 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.489453077 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.491137028 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.491200924 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.491236925 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.491295099 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.492845058 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.492909908 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.493062019 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.493124008 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.494685888 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.494756937 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.494781017 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.494836092 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.496480942 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.496543884 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.496712923 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.496768951 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.498239994 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.498292923 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.498445034 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.498495102 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.500196934 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.500255108 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.500324011 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.500375032 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.501929045 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.502037048 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.502063990 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.502140045 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.503712893 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.503801107 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.503855944 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.503935099 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.505533934 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.505598068 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.505712032 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.505764961 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.507360935 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.507417917 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.507456064 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.507522106 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:43.509114027 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:43.509176970 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:44.496153116 CET | 49757 | 80 | 192.168.2.5 | 193.122.130.0 |
| Nov 25, 2024 07:08:44.616455078 CET | 80 | 49757 | 193.122.130.0 | 192.168.2.5 |
| Nov 25, 2024 07:08:44.616797924 CET | 49757 | 80 | 192.168.2.5 | 193.122.130.0 |
| Nov 25, 2024 07:08:44.617152929 CET | 49757 | 80 | 192.168.2.5 | 193.122.130.0 |
| Nov 25, 2024 07:08:44.736517906 CET | 80 | 49757 | 193.122.130.0 | 192.168.2.5 |
| Nov 25, 2024 07:08:48.664309978 CET | 80 | 49757 | 193.122.130.0 | 192.168.2.5 |
| Nov 25, 2024 07:08:48.668427944 CET | 49757 | 80 | 192.168.2.5 | 193.122.130.0 |
| Nov 25, 2024 07:08:48.787942886 CET | 80 | 49757 | 193.122.130.0 | 192.168.2.5 |
| Nov 25, 2024 07:08:49.011686087 CET | 80 | 49757 | 193.122.130.0 | 192.168.2.5 |
| Nov 25, 2024 07:08:49.051470041 CET | 49757 | 80 | 192.168.2.5 | 193.122.130.0 |
| Nov 25, 2024 07:08:49.512783051 CET | 49771 | 443 | 192.168.2.5 | 172.67.177.134 |
| Nov 25, 2024 07:08:49.512824059 CET | 443 | 49771 | 172.67.177.134 | 192.168.2.5 |
| Nov 25, 2024 07:08:49.512904882 CET | 49771 | 443 | 192.168.2.5 | 172.67.177.134 |
| Nov 25, 2024 07:08:49.525090933 CET | 49771 | 443 | 192.168.2.5 | 172.67.177.134 |
| Nov 25, 2024 07:08:49.525110960 CET | 443 | 49771 | 172.67.177.134 | 192.168.2.5 |
| Nov 25, 2024 07:08:50.833847046 CET | 443 | 49771 | 172.67.177.134 | 192.168.2.5 |
| Nov 25, 2024 07:08:50.833928108 CET | 49771 | 443 | 192.168.2.5 | 172.67.177.134 |
| Nov 25, 2024 07:08:50.840512037 CET | 49771 | 443 | 192.168.2.5 | 172.67.177.134 |
| Nov 25, 2024 07:08:50.840545893 CET | 443 | 49771 | 172.67.177.134 | 192.168.2.5 |
| Nov 25, 2024 07:08:50.840862989 CET | 443 | 49771 | 172.67.177.134 | 192.168.2.5 |
| Nov 25, 2024 07:08:50.889857054 CET | 49771 | 443 | 192.168.2.5 | 172.67.177.134 |
| Nov 25, 2024 07:08:50.931339025 CET | 443 | 49771 | 172.67.177.134 | 192.168.2.5 |
| Nov 25, 2024 07:08:51.290860891 CET | 443 | 49771 | 172.67.177.134 | 192.168.2.5 |
| Nov 25, 2024 07:08:51.290923119 CET | 443 | 49771 | 172.67.177.134 | 192.168.2.5 |
| Nov 25, 2024 07:08:51.290967941 CET | 49771 | 443 | 192.168.2.5 | 172.67.177.134 |
| Nov 25, 2024 07:08:51.297472000 CET | 49771 | 443 | 192.168.2.5 | 172.67.177.134 |
| Nov 25, 2024 07:08:51.303636074 CET | 49757 | 80 | 192.168.2.5 | 193.122.130.0 |
| Nov 25, 2024 07:08:51.423131943 CET | 80 | 49757 | 193.122.130.0 | 192.168.2.5 |
| Nov 25, 2024 07:08:51.666965961 CET | 80 | 49757 | 193.122.130.0 | 192.168.2.5 |
| Nov 25, 2024 07:08:51.669145107 CET | 49777 | 443 | 192.168.2.5 | 172.67.177.134 |
| Nov 25, 2024 07:08:51.669173956 CET | 443 | 49777 | 172.67.177.134 | 192.168.2.5 |
| Nov 25, 2024 07:08:51.669235945 CET | 49777 | 443 | 192.168.2.5 | 172.67.177.134 |
| Nov 25, 2024 07:08:51.669495106 CET | 49777 | 443 | 192.168.2.5 | 172.67.177.134 |
| Nov 25, 2024 07:08:51.669512033 CET | 443 | 49777 | 172.67.177.134 | 192.168.2.5 |
| Nov 25, 2024 07:08:51.707734108 CET | 49757 | 80 | 192.168.2.5 | 193.122.130.0 |
| Nov 25, 2024 07:08:52.926265955 CET | 443 | 49777 | 172.67.177.134 | 192.168.2.5 |
| Nov 25, 2024 07:08:52.928733110 CET | 49777 | 443 | 192.168.2.5 | 172.67.177.134 |
| Nov 25, 2024 07:08:52.928800106 CET | 443 | 49777 | 172.67.177.134 | 192.168.2.5 |
| Nov 25, 2024 07:08:53.389440060 CET | 443 | 49777 | 172.67.177.134 | 192.168.2.5 |
| Nov 25, 2024 07:08:53.389524937 CET | 443 | 49777 | 172.67.177.134 | 192.168.2.5 |
| Nov 25, 2024 07:08:53.389584064 CET | 49777 | 443 | 192.168.2.5 | 172.67.177.134 |
| Nov 25, 2024 07:08:53.390019894 CET | 49777 | 443 | 192.168.2.5 | 172.67.177.134 |
| Nov 25, 2024 07:08:53.393361092 CET | 49757 | 80 | 192.168.2.5 | 193.122.130.0 |
| Nov 25, 2024 07:08:53.394454002 CET | 49779 | 80 | 192.168.2.5 | 193.122.130.0 |
| Nov 25, 2024 07:08:53.513222933 CET | 80 | 49757 | 193.122.130.0 | 192.168.2.5 |
| Nov 25, 2024 07:08:53.513294935 CET | 49757 | 80 | 192.168.2.5 | 193.122.130.0 |
| Nov 25, 2024 07:08:53.513942957 CET | 80 | 49779 | 193.122.130.0 | 192.168.2.5 |
| Nov 25, 2024 07:08:53.514012098 CET | 49779 | 80 | 192.168.2.5 | 193.122.130.0 |
| Nov 25, 2024 07:08:53.514131069 CET | 49779 | 80 | 192.168.2.5 | 193.122.130.0 |
| Nov 25, 2024 07:08:53.532586098 CET | 80 | 49751 | 185.244.144.68 | 192.168.2.5 |
| Nov 25, 2024 07:08:53.532670021 CET | 49751 | 80 | 192.168.2.5 | 185.244.144.68 |
| Nov 25, 2024 07:08:53.633529902 CET | 80 | 49779 | 193.122.130.0 | 192.168.2.5 |
| Nov 25, 2024 07:08:57.096506119 CET | 80 | 49779 | 193.122.130.0 | 192.168.2.5 |
| Nov 25, 2024 07:08:57.097814083 CET | 49790 | 443 | 192.168.2.5 | 172.67.177.134 |
| Nov 25, 2024 07:08:57.097848892 CET | 443 | 49790 | 172.67.177.134 | 192.168.2.5 |
| Nov 25, 2024 07:08:57.097922087 CET | 49790 | 443 | 192.168.2.5 | 172.67.177.134 |
| Nov 25, 2024 07:08:57.098181963 CET | 49790 | 443 | 192.168.2.5 | 172.67.177.134 |
| Nov 25, 2024 07:08:57.098196983 CET | 443 | 49790 | 172.67.177.134 | 192.168.2.5 |
| Nov 25, 2024 07:08:57.145241022 CET | 49779 | 80 | 192.168.2.5 | 193.122.130.0 |
| Nov 25, 2024 07:08:58.401362896 CET | 443 | 49790 | 172.67.177.134 | 192.168.2.5 |
| Nov 25, 2024 07:08:58.404525042 CET | 49790 | 443 | 192.168.2.5 | 172.67.177.134 |
| Nov 25, 2024 07:08:58.404547930 CET | 443 | 49790 | 172.67.177.134 | 192.168.2.5 |
| Nov 25, 2024 07:08:58.863354921 CET | 443 | 49790 | 172.67.177.134 | 192.168.2.5 |
| Nov 25, 2024 07:08:58.863425970 CET | 443 | 49790 | 172.67.177.134 | 192.168.2.5 |
| Nov 25, 2024 07:08:58.863512039 CET | 49790 | 443 | 192.168.2.5 | 172.67.177.134 |
| Nov 25, 2024 07:08:58.863926888 CET | 49790 | 443 | 192.168.2.5 | 172.67.177.134 |
| Nov 25, 2024 07:08:58.883029938 CET | 49796 | 80 | 192.168.2.5 | 193.122.130.0 |
| Nov 25, 2024 07:08:59.002578974 CET | 80 | 49796 | 193.122.130.0 | 192.168.2.5 |
| Nov 25, 2024 07:08:59.002758026 CET | 49796 | 80 | 192.168.2.5 | 193.122.130.0 |
| Nov 25, 2024 07:08:59.003117085 CET | 49796 | 80 | 192.168.2.5 | 193.122.130.0 |
| Nov 25, 2024 07:08:59.122575998 CET | 80 | 49796 | 193.122.130.0 | 192.168.2.5 |
| Nov 25, 2024 07:09:00.533708096 CET | 80 | 49796 | 193.122.130.0 | 192.168.2.5 |
| Nov 25, 2024 07:09:00.535398960 CET | 49801 | 443 | 192.168.2.5 | 172.67.177.134 |
| Nov 25, 2024 07:09:00.535444975 CET | 443 | 49801 | 172.67.177.134 | 192.168.2.5 |
| Nov 25, 2024 07:09:00.535515070 CET | 49801 | 443 | 192.168.2.5 | 172.67.177.134 |
| Nov 25, 2024 07:09:00.535758972 CET | 49801 | 443 | 192.168.2.5 | 172.67.177.134 |
| Nov 25, 2024 07:09:00.535773039 CET | 443 | 49801 | 172.67.177.134 | 192.168.2.5 |
| Nov 25, 2024 07:09:00.582757950 CET | 49796 | 80 | 192.168.2.5 | 193.122.130.0 |
| Nov 25, 2024 07:09:01.034914970 CET | 80 | 49796 | 193.122.130.0 | 192.168.2.5 |
| Nov 25, 2024 07:09:01.034982920 CET | 49796 | 80 | 192.168.2.5 | 193.122.130.0 |
| Nov 25, 2024 07:09:02.170547009 CET | 443 | 49801 | 172.67.177.134 | 192.168.2.5 |
| Nov 25, 2024 07:09:02.171996117 CET | 49801 | 443 | 192.168.2.5 | 172.67.177.134 |
| Nov 25, 2024 07:09:02.172019005 CET | 443 | 49801 | 172.67.177.134 | 192.168.2.5 |
| Nov 25, 2024 07:09:02.625159979 CET | 443 | 49801 | 172.67.177.134 | 192.168.2.5 |
| Nov 25, 2024 07:09:02.625226974 CET | 443 | 49801 | 172.67.177.134 | 192.168.2.5 |
| Nov 25, 2024 07:09:02.625329971 CET | 49801 | 443 | 192.168.2.5 | 172.67.177.134 |
| Nov 25, 2024 07:09:02.625725031 CET | 49801 | 443 | 192.168.2.5 | 172.67.177.134 |
| Nov 25, 2024 07:09:02.629108906 CET | 49796 | 80 | 192.168.2.5 | 193.122.130.0 |
| Nov 25, 2024 07:09:02.630039930 CET | 49805 | 80 | 192.168.2.5 | 193.122.130.0 |
| Nov 25, 2024 07:09:02.748961926 CET | 80 | 49796 | 193.122.130.0 | 192.168.2.5 |
| Nov 25, 2024 07:09:02.749521017 CET | 80 | 49805 | 193.122.130.0 | 192.168.2.5 |
| Nov 25, 2024 07:09:02.749602079 CET | 49796 | 80 | 192.168.2.5 | 193.122.130.0 |
| Nov 25, 2024 07:09:02.749629974 CET | 49805 | 80 | 192.168.2.5 | 193.122.130.0 |
| Nov 25, 2024 07:09:02.749855042 CET | 49805 | 80 | 192.168.2.5 | 193.122.130.0 |
| Nov 25, 2024 07:09:02.869960070 CET | 80 | 49805 | 193.122.130.0 | 192.168.2.5 |
| Nov 25, 2024 07:09:04.541706085 CET | 80 | 49805 | 193.122.130.0 | 192.168.2.5 |
| Nov 25, 2024 07:09:04.543123960 CET | 49811 | 443 | 192.168.2.5 | 172.67.177.134 |
| Nov 25, 2024 07:09:04.543174028 CET | 443 | 49811 | 172.67.177.134 | 192.168.2.5 |
| Nov 25, 2024 07:09:04.543243885 CET | 49811 | 443 | 192.168.2.5 | 172.67.177.134 |
| Nov 25, 2024 07:09:04.543679953 CET | 49811 | 443 | 192.168.2.5 | 172.67.177.134 |
| Nov 25, 2024 07:09:04.543695927 CET | 443 | 49811 | 172.67.177.134 | 192.168.2.5 |
| Nov 25, 2024 07:09:04.582755089 CET | 49805 | 80 | 192.168.2.5 | 193.122.130.0 |
| Nov 25, 2024 07:09:05.847841024 CET | 443 | 49811 | 172.67.177.134 | 192.168.2.5 |
| Nov 25, 2024 07:09:05.849845886 CET | 49811 | 443 | 192.168.2.5 | 172.67.177.134 |
| Nov 25, 2024 07:09:05.849883080 CET | 443 | 49811 | 172.67.177.134 | 192.168.2.5 |
| Nov 25, 2024 07:09:06.314585924 CET | 443 | 49811 | 172.67.177.134 | 192.168.2.5 |
| Nov 25, 2024 07:09:06.314660072 CET | 443 | 49811 | 172.67.177.134 | 192.168.2.5 |
| Nov 25, 2024 07:09:06.314723015 CET | 49811 | 443 | 192.168.2.5 | 172.67.177.134 |
| Nov 25, 2024 07:09:06.315248013 CET | 49811 | 443 | 192.168.2.5 | 172.67.177.134 |
| Nov 25, 2024 07:09:06.319096088 CET | 49805 | 80 | 192.168.2.5 | 193.122.130.0 |
| Nov 25, 2024 07:09:06.320168972 CET | 49816 | 80 | 192.168.2.5 | 193.122.130.0 |
| Nov 25, 2024 07:09:06.438947916 CET | 80 | 49805 | 193.122.130.0 | 192.168.2.5 |
| Nov 25, 2024 07:09:06.439062119 CET | 49805 | 80 | 192.168.2.5 | 193.122.130.0 |
| Nov 25, 2024 07:09:06.439599991 CET | 80 | 49816 | 193.122.130.0 | 192.168.2.5 |
| Nov 25, 2024 07:09:06.439678907 CET | 49816 | 80 | 192.168.2.5 | 193.122.130.0 |
| Nov 25, 2024 07:09:06.439815998 CET | 49816 | 80 | 192.168.2.5 | 193.122.130.0 |
| Nov 25, 2024 07:09:06.559273005 CET | 80 | 49816 | 193.122.130.0 | 192.168.2.5 |
| Nov 25, 2024 07:09:10.335251093 CET | 80 | 49816 | 193.122.130.0 | 192.168.2.5 |
| Nov 25, 2024 07:09:10.336802006 CET | 49827 | 443 | 192.168.2.5 | 172.67.177.134 |
| Nov 25, 2024 07:09:10.336862087 CET | 443 | 49827 | 172.67.177.134 | 192.168.2.5 |
| Nov 25, 2024 07:09:10.336940050 CET | 49827 | 443 | 192.168.2.5 | 172.67.177.134 |
| Nov 25, 2024 07:09:10.337219954 CET | 49827 | 443 | 192.168.2.5 | 172.67.177.134 |
| Nov 25, 2024 07:09:10.337240934 CET | 443 | 49827 | 172.67.177.134 | 192.168.2.5 |
| Nov 25, 2024 07:09:10.379710913 CET | 49816 | 80 | 192.168.2.5 | 193.122.130.0 |
| Nov 25, 2024 07:09:11.548507929 CET | 443 | 49827 | 172.67.177.134 | 192.168.2.5 |
| Nov 25, 2024 07:09:11.550617933 CET | 49827 | 443 | 192.168.2.5 | 172.67.177.134 |
| Nov 25, 2024 07:09:11.550662994 CET | 443 | 49827 | 172.67.177.134 | 192.168.2.5 |
| Nov 25, 2024 07:09:11.995457888 CET | 443 | 49827 | 172.67.177.134 | 192.168.2.5 |
| Nov 25, 2024 07:09:11.995537996 CET | 443 | 49827 | 172.67.177.134 | 192.168.2.5 |
| Nov 25, 2024 07:09:11.995590925 CET | 49827 | 443 | 192.168.2.5 | 172.67.177.134 |
| Nov 25, 2024 07:09:12.008347034 CET | 49827 | 443 | 192.168.2.5 | 172.67.177.134 |
| Nov 25, 2024 07:09:12.098777056 CET | 49816 | 80 | 192.168.2.5 | 193.122.130.0 |
| Nov 25, 2024 07:09:12.107125044 CET | 49830 | 80 | 192.168.2.5 | 193.122.130.0 |
| Nov 25, 2024 07:09:12.218674898 CET | 80 | 49816 | 193.122.130.0 | 192.168.2.5 |
| Nov 25, 2024 07:09:12.218760014 CET | 49816 | 80 | 192.168.2.5 | 193.122.130.0 |
| Nov 25, 2024 07:09:12.226608992 CET | 80 | 49830 | 193.122.130.0 | 192.168.2.5 |
| Nov 25, 2024 07:09:12.226684093 CET | 49830 | 80 | 192.168.2.5 | 193.122.130.0 |
| Nov 25, 2024 07:09:12.230806112 CET | 49830 | 80 | 192.168.2.5 | 193.122.130.0 |
| Nov 25, 2024 07:09:12.350347042 CET | 80 | 49830 | 193.122.130.0 | 192.168.2.5 |
| Nov 25, 2024 07:09:16.540504932 CET | 80 | 49830 | 193.122.130.0 | 192.168.2.5 |
| Nov 25, 2024 07:09:16.541815042 CET | 49840 | 443 | 192.168.2.5 | 172.67.177.134 |
| Nov 25, 2024 07:09:16.541877985 CET | 443 | 49840 | 172.67.177.134 | 192.168.2.5 |
| Nov 25, 2024 07:09:16.541944027 CET | 49840 | 443 | 192.168.2.5 | 172.67.177.134 |
| Nov 25, 2024 07:09:16.542177916 CET | 49840 | 443 | 192.168.2.5 | 172.67.177.134 |
| Nov 25, 2024 07:09:16.542195082 CET | 443 | 49840 | 172.67.177.134 | 192.168.2.5 |
| Nov 25, 2024 07:09:16.582726002 CET | 49830 | 80 | 192.168.2.5 | 193.122.130.0 |
| Nov 25, 2024 07:09:17.799243927 CET | 443 | 49840 | 172.67.177.134 | 192.168.2.5 |
| Nov 25, 2024 07:09:17.800733089 CET | 49840 | 443 | 192.168.2.5 | 172.67.177.134 |
| Nov 25, 2024 07:09:17.800786018 CET | 443 | 49840 | 172.67.177.134 | 192.168.2.5 |
| Nov 25, 2024 07:09:18.370050907 CET | 443 | 49840 | 172.67.177.134 | 192.168.2.5 |
| Nov 25, 2024 07:09:18.370142937 CET | 443 | 49840 | 172.67.177.134 | 192.168.2.5 |
| Nov 25, 2024 07:09:18.370223999 CET | 49840 | 443 | 192.168.2.5 | 172.67.177.134 |
| Nov 25, 2024 07:09:18.370585918 CET | 49840 | 443 | 192.168.2.5 | 172.67.177.134 |
| Nov 25, 2024 07:09:18.373733044 CET | 49830 | 80 | 192.168.2.5 | 193.122.130.0 |
| Nov 25, 2024 07:09:18.374833107 CET | 49846 | 80 | 192.168.2.5 | 193.122.130.0 |
| Nov 25, 2024 07:09:18.493511915 CET | 80 | 49830 | 193.122.130.0 | 192.168.2.5 |
| Nov 25, 2024 07:09:18.493618965 CET | 49830 | 80 | 192.168.2.5 | 193.122.130.0 |
| Nov 25, 2024 07:09:18.494298935 CET | 80 | 49846 | 193.122.130.0 | 192.168.2.5 |
| Nov 25, 2024 07:09:18.494379044 CET | 49846 | 80 | 192.168.2.5 | 193.122.130.0 |
| Nov 25, 2024 07:09:18.494518042 CET | 49846 | 80 | 192.168.2.5 | 193.122.130.0 |
| Nov 25, 2024 07:09:18.613933086 CET | 80 | 49846 | 193.122.130.0 | 192.168.2.5 |
| Nov 25, 2024 07:09:19.742892981 CET | 80 | 49846 | 193.122.130.0 | 192.168.2.5 |
| Nov 25, 2024 07:09:19.744410992 CET | 49851 | 443 | 192.168.2.5 | 172.67.177.134 |
| Nov 25, 2024 07:09:19.744448900 CET | 443 | 49851 | 172.67.177.134 | 192.168.2.5 |
| Nov 25, 2024 07:09:19.744519949 CET | 49851 | 443 | 192.168.2.5 | 172.67.177.134 |
| Nov 25, 2024 07:09:19.744769096 CET | 49851 | 443 | 192.168.2.5 | 172.67.177.134 |
| Nov 25, 2024 07:09:19.744790077 CET | 443 | 49851 | 172.67.177.134 | 192.168.2.5 |
| Nov 25, 2024 07:09:19.785995007 CET | 49846 | 80 | 192.168.2.5 | 193.122.130.0 |
| Nov 25, 2024 07:09:21.001828909 CET | 443 | 49851 | 172.67.177.134 | 192.168.2.5 |
| Nov 25, 2024 07:09:21.003448009 CET | 49851 | 443 | 192.168.2.5 | 172.67.177.134 |
| Nov 25, 2024 07:09:21.003470898 CET | 443 | 49851 | 172.67.177.134 | 192.168.2.5 |
| Nov 25, 2024 07:09:21.456033945 CET | 443 | 49851 | 172.67.177.134 | 192.168.2.5 |
| Nov 25, 2024 07:09:21.456087112 CET | 443 | 49851 | 172.67.177.134 | 192.168.2.5 |
| Nov 25, 2024 07:09:21.456130981 CET | 49851 | 443 | 192.168.2.5 | 172.67.177.134 |
| Nov 25, 2024 07:09:21.456535101 CET | 49851 | 443 | 192.168.2.5 | 172.67.177.134 |
| Nov 25, 2024 07:09:21.459453106 CET | 49846 | 80 | 192.168.2.5 | 193.122.130.0 |
| Nov 25, 2024 07:09:21.460468054 CET | 49857 | 80 | 192.168.2.5 | 193.122.130.0 |
| Nov 25, 2024 07:09:21.579404116 CET | 80 | 49846 | 193.122.130.0 | 192.168.2.5 |
| Nov 25, 2024 07:09:21.579483032 CET | 49846 | 80 | 192.168.2.5 | 193.122.130.0 |
| Nov 25, 2024 07:09:21.579973936 CET | 80 | 49857 | 193.122.130.0 | 192.168.2.5 |
| Nov 25, 2024 07:09:21.580037117 CET | 49857 | 80 | 192.168.2.5 | 193.122.130.0 |
| Nov 25, 2024 07:09:21.580137014 CET | 49857 | 80 | 192.168.2.5 | 193.122.130.0 |
| Nov 25, 2024 07:09:21.699582100 CET | 80 | 49857 | 193.122.130.0 | 192.168.2.5 |
| Nov 25, 2024 07:09:23.377048969 CET | 80 | 49857 | 193.122.130.0 | 192.168.2.5 |
| Nov 25, 2024 07:09:23.378365993 CET | 49859 | 443 | 192.168.2.5 | 172.67.177.134 |
| Nov 25, 2024 07:09:23.378407955 CET | 443 | 49859 | 172.67.177.134 | 192.168.2.5 |
| Nov 25, 2024 07:09:23.378488064 CET | 49859 | 443 | 192.168.2.5 | 172.67.177.134 |
| Nov 25, 2024 07:09:23.378731966 CET | 49859 | 443 | 192.168.2.5 | 172.67.177.134 |
| Nov 25, 2024 07:09:23.378747940 CET | 443 | 49859 | 172.67.177.134 | 192.168.2.5 |
| Nov 25, 2024 07:09:23.426517010 CET | 49857 | 80 | 192.168.2.5 | 193.122.130.0 |
| Nov 25, 2024 07:09:24.635885000 CET | 443 | 49859 | 172.67.177.134 | 192.168.2.5 |
| Nov 25, 2024 07:09:24.637440920 CET | 49859 | 443 | 192.168.2.5 | 172.67.177.134 |
| Nov 25, 2024 07:09:24.637527943 CET | 443 | 49859 | 172.67.177.134 | 192.168.2.5 |
| Nov 25, 2024 07:09:25.091128111 CET | 443 | 49859 | 172.67.177.134 | 192.168.2.5 |
| Nov 25, 2024 07:09:25.091197014 CET | 443 | 49859 | 172.67.177.134 | 192.168.2.5 |
| Nov 25, 2024 07:09:25.091267109 CET | 49859 | 443 | 192.168.2.5 | 172.67.177.134 |
| Nov 25, 2024 07:09:25.115351915 CET | 49859 | 443 | 192.168.2.5 | 172.67.177.134 |
| Nov 25, 2024 07:09:25.145390987 CET | 49857 | 80 | 192.168.2.5 | 193.122.130.0 |
| Nov 25, 2024 07:09:25.265171051 CET | 80 | 49857 | 193.122.130.0 | 192.168.2.5 |
| Nov 25, 2024 07:09:25.265228987 CET | 49857 | 80 | 192.168.2.5 | 193.122.130.0 |
| Nov 25, 2024 07:09:25.284524918 CET | 49865 | 443 | 192.168.2.5 | 149.154.167.220 |
| Nov 25, 2024 07:09:25.284553051 CET | 443 | 49865 | 149.154.167.220 | 192.168.2.5 |
| Nov 25, 2024 07:09:25.284615993 CET | 49865 | 443 | 192.168.2.5 | 149.154.167.220 |
| Nov 25, 2024 07:09:25.284990072 CET | 49865 | 443 | 192.168.2.5 | 149.154.167.220 |
| Nov 25, 2024 07:09:25.285003901 CET | 443 | 49865 | 149.154.167.220 | 192.168.2.5 |
| Nov 25, 2024 07:09:26.762130022 CET | 443 | 49865 | 149.154.167.220 | 192.168.2.5 |
| Nov 25, 2024 07:09:26.762227058 CET | 49865 | 443 | 192.168.2.5 | 149.154.167.220 |
| Nov 25, 2024 07:09:26.763967991 CET | 49865 | 443 | 192.168.2.5 | 149.154.167.220 |
| Nov 25, 2024 07:09:26.763978958 CET | 443 | 49865 | 149.154.167.220 | 192.168.2.5 |
| Nov 25, 2024 07:09:26.764202118 CET | 443 | 49865 | 149.154.167.220 | 192.168.2.5 |
| Nov 25, 2024 07:09:26.765729904 CET | 49865 | 443 | 192.168.2.5 | 149.154.167.220 |
| Nov 25, 2024 07:09:26.807333946 CET | 443 | 49865 | 149.154.167.220 | 192.168.2.5 |
| Nov 25, 2024 07:09:27.283773899 CET | 443 | 49865 | 149.154.167.220 | 192.168.2.5 |
| Nov 25, 2024 07:09:27.283838034 CET | 443 | 49865 | 149.154.167.220 | 192.168.2.5 |
| Nov 25, 2024 07:09:27.283885002 CET | 49865 | 443 | 192.168.2.5 | 149.154.167.220 |
| Nov 25, 2024 07:09:27.287926912 CET | 49865 | 443 | 192.168.2.5 | 149.154.167.220 |
| Nov 25, 2024 07:09:32.935693026 CET | 49779 | 80 | 192.168.2.5 | 193.122.130.0 |
| Nov 25, 2024 07:09:34.283971071 CET | 49886 | 587 | 192.168.2.5 | 199.79.63.24 |
| Nov 25, 2024 07:09:34.403430939 CET | 587 | 49886 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:34.407120943 CET | 49886 | 587 | 192.168.2.5 | 199.79.63.24 |
| Nov 25, 2024 07:09:35.713319063 CET | 587 | 49886 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:35.713610888 CET | 49886 | 587 | 192.168.2.5 | 199.79.63.24 |
| Nov 25, 2024 07:09:35.833054066 CET | 587 | 49886 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:36.107814074 CET | 587 | 49886 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:36.108850002 CET | 49886 | 587 | 192.168.2.5 | 199.79.63.24 |
| Nov 25, 2024 07:09:36.228426933 CET | 587 | 49886 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:36.503189087 CET | 587 | 49886 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:36.503429890 CET | 49886 | 587 | 192.168.2.5 | 199.79.63.24 |
| Nov 25, 2024 07:09:36.623008013 CET | 587 | 49886 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:37.025199890 CET | 587 | 49886 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:37.025454998 CET | 49886 | 587 | 192.168.2.5 | 199.79.63.24 |
| Nov 25, 2024 07:09:37.145052910 CET | 587 | 49886 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:37.421365976 CET | 587 | 49886 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:37.421561003 CET | 49886 | 587 | 192.168.2.5 | 199.79.63.24 |
| Nov 25, 2024 07:09:37.541027069 CET | 587 | 49886 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:37.854011059 CET | 587 | 49886 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:37.854224920 CET | 49886 | 587 | 192.168.2.5 | 199.79.63.24 |
| Nov 25, 2024 07:09:37.973777056 CET | 587 | 49886 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:38.252501965 CET | 587 | 49886 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:38.253101110 CET | 49886 | 587 | 192.168.2.5 | 199.79.63.24 |
| Nov 25, 2024 07:09:38.253148079 CET | 49886 | 587 | 192.168.2.5 | 199.79.63.24 |
| Nov 25, 2024 07:09:38.253189087 CET | 49886 | 587 | 192.168.2.5 | 199.79.63.24 |
| Nov 25, 2024 07:09:38.253202915 CET | 49886 | 587 | 192.168.2.5 | 199.79.63.24 |
| Nov 25, 2024 07:09:38.372525930 CET | 587 | 49886 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:38.372545958 CET | 587 | 49886 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:38.372800112 CET | 587 | 49886 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:38.372812986 CET | 587 | 49886 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:38.752681017 CET | 587 | 49886 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:38.754858017 CET | 49886 | 587 | 192.168.2.5 | 199.79.63.24 |
| Nov 25, 2024 07:09:38.874293089 CET | 587 | 49886 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:39.350253105 CET | 587 | 49886 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:39.350368977 CET | 587 | 49886 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:39.350442886 CET | 49886 | 587 | 192.168.2.5 | 199.79.63.24 |
| Nov 25, 2024 07:09:39.350442886 CET | 49886 | 587 | 192.168.2.5 | 199.79.63.24 |
| Nov 25, 2024 07:09:39.351444960 CET | 49898 | 587 | 192.168.2.5 | 199.79.63.24 |
| Nov 25, 2024 07:09:39.469870090 CET | 587 | 49886 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:39.470885992 CET | 587 | 49898 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:39.470978022 CET | 49898 | 587 | 192.168.2.5 | 199.79.63.24 |
| Nov 25, 2024 07:09:40.791296959 CET | 587 | 49898 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:40.791568995 CET | 49898 | 587 | 192.168.2.5 | 199.79.63.24 |
| Nov 25, 2024 07:09:40.911108971 CET | 587 | 49898 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:41.186019897 CET | 587 | 49898 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:41.186201096 CET | 49898 | 587 | 192.168.2.5 | 199.79.63.24 |
| Nov 25, 2024 07:09:41.305798054 CET | 587 | 49898 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:41.580845118 CET | 587 | 49898 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:41.581089020 CET | 49898 | 587 | 192.168.2.5 | 199.79.63.24 |
| Nov 25, 2024 07:09:41.700645924 CET | 587 | 49898 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:42.012026072 CET | 587 | 49898 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:42.012243986 CET | 49898 | 587 | 192.168.2.5 | 199.79.63.24 |
| Nov 25, 2024 07:09:42.132164955 CET | 587 | 49898 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:42.406829119 CET | 587 | 49898 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:42.406996965 CET | 49898 | 587 | 192.168.2.5 | 199.79.63.24 |
| Nov 25, 2024 07:09:42.526535034 CET | 587 | 49898 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:42.838032007 CET | 587 | 49898 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:42.838196039 CET | 49898 | 587 | 192.168.2.5 | 199.79.63.24 |
| Nov 25, 2024 07:09:42.957676888 CET | 587 | 49898 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:43.232280970 CET | 587 | 49898 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:43.233573914 CET | 49898 | 587 | 192.168.2.5 | 199.79.63.24 |
| Nov 25, 2024 07:09:43.233644962 CET | 49898 | 587 | 192.168.2.5 | 199.79.63.24 |
| Nov 25, 2024 07:09:43.233670950 CET | 49898 | 587 | 192.168.2.5 | 199.79.63.24 |
| Nov 25, 2024 07:09:43.233705997 CET | 49898 | 587 | 192.168.2.5 | 199.79.63.24 |
| Nov 25, 2024 07:09:43.233752966 CET | 49898 | 587 | 192.168.2.5 | 199.79.63.24 |
| Nov 25, 2024 07:09:43.233783007 CET | 49898 | 587 | 192.168.2.5 | 199.79.63.24 |
| Nov 25, 2024 07:09:43.233807087 CET | 49898 | 587 | 192.168.2.5 | 199.79.63.24 |
| Nov 25, 2024 07:09:43.233830929 CET | 49898 | 587 | 192.168.2.5 | 199.79.63.24 |
| Nov 25, 2024 07:09:43.233850956 CET | 49898 | 587 | 192.168.2.5 | 199.79.63.24 |
| Nov 25, 2024 07:09:43.233875990 CET | 49898 | 587 | 192.168.2.5 | 199.79.63.24 |
| Nov 25, 2024 07:09:43.353053093 CET | 587 | 49898 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:43.353080034 CET | 587 | 49898 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:43.353111982 CET | 587 | 49898 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:43.353202105 CET | 587 | 49898 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:43.353318930 CET | 587 | 49898 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:43.353331089 CET | 587 | 49898 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:43.353339911 CET | 587 | 49898 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:43.353385925 CET | 587 | 49898 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:43.353396893 CET | 587 | 49898 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:43.353405952 CET | 587 | 49898 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:43.636759996 CET | 587 | 49898 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:43.676608086 CET | 49898 | 587 | 192.168.2.5 | 199.79.63.24 |
| Nov 25, 2024 07:09:45.156111956 CET | 49898 | 587 | 192.168.2.5 | 199.79.63.24 |
| Nov 25, 2024 07:09:45.275593042 CET | 587 | 49898 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:45.751384020 CET | 587 | 49898 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:45.751548052 CET | 587 | 49898 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:45.751571894 CET | 49898 | 587 | 192.168.2.5 | 199.79.63.24 |
| Nov 25, 2024 07:09:45.751599073 CET | 49898 | 587 | 192.168.2.5 | 199.79.63.24 |
| Nov 25, 2024 07:09:45.752625942 CET | 49913 | 587 | 192.168.2.5 | 199.79.63.24 |
| Nov 25, 2024 07:09:45.871001005 CET | 587 | 49898 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:45.872076035 CET | 587 | 49913 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:45.872154951 CET | 49913 | 587 | 192.168.2.5 | 199.79.63.24 |
| Nov 25, 2024 07:09:47.061172962 CET | 587 | 49913 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:47.061311960 CET | 49913 | 587 | 192.168.2.5 | 199.79.63.24 |
| Nov 25, 2024 07:09:47.180888891 CET | 587 | 49913 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:47.437448978 CET | 587 | 49913 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:47.437622070 CET | 49913 | 587 | 192.168.2.5 | 199.79.63.24 |
| Nov 25, 2024 07:09:47.557056904 CET | 587 | 49913 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:48.019036055 CET | 587 | 49913 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:48.019325018 CET | 49913 | 587 | 192.168.2.5 | 199.79.63.24 |
| Nov 25, 2024 07:09:48.139138937 CET | 587 | 49913 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:48.397633076 CET | 587 | 49913 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:48.397772074 CET | 49913 | 587 | 192.168.2.5 | 199.79.63.24 |
| Nov 25, 2024 07:09:48.517406940 CET | 587 | 49913 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:48.773571968 CET | 587 | 49913 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:48.777089119 CET | 49913 | 587 | 192.168.2.5 | 199.79.63.24 |
| Nov 25, 2024 07:09:48.896881104 CET | 587 | 49913 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:49.209161997 CET | 587 | 49913 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:49.209316015 CET | 49913 | 587 | 192.168.2.5 | 199.79.63.24 |
| Nov 25, 2024 07:09:49.328788042 CET | 587 | 49913 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:49.585128069 CET | 587 | 49913 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:49.585431099 CET | 49913 | 587 | 192.168.2.5 | 199.79.63.24 |
| Nov 25, 2024 07:09:49.585535049 CET | 49913 | 587 | 192.168.2.5 | 199.79.63.24 |
| Nov 25, 2024 07:09:49.585572004 CET | 49913 | 587 | 192.168.2.5 | 199.79.63.24 |
| Nov 25, 2024 07:09:49.585587978 CET | 49913 | 587 | 192.168.2.5 | 199.79.63.24 |
| Nov 25, 2024 07:09:49.585777998 CET | 49913 | 587 | 192.168.2.5 | 199.79.63.24 |
| Nov 25, 2024 07:09:49.704925060 CET | 587 | 49913 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:49.705013037 CET | 587 | 49913 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:49.705028057 CET | 587 | 49913 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:49.705037117 CET | 587 | 49913 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:49.705141068 CET | 587 | 49913 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:50.068130970 CET | 587 | 49913 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:50.069581032 CET | 49913 | 587 | 192.168.2.5 | 199.79.63.24 |
| Nov 25, 2024 07:09:50.189016104 CET | 587 | 49913 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:50.646209002 CET | 587 | 49913 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:50.646322966 CET | 49913 | 587 | 192.168.2.5 | 199.79.63.24 |
| Nov 25, 2024 07:09:50.646363020 CET | 587 | 49913 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:50.646410942 CET | 49913 | 587 | 192.168.2.5 | 199.79.63.24 |
| Nov 25, 2024 07:09:50.647236109 CET | 49925 | 587 | 192.168.2.5 | 199.79.63.24 |
| Nov 25, 2024 07:09:50.765918970 CET | 587 | 49913 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:50.766822100 CET | 587 | 49925 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:50.766920090 CET | 49925 | 587 | 192.168.2.5 | 199.79.63.24 |
| Nov 25, 2024 07:09:52.019323111 CET | 587 | 49925 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:52.019478083 CET | 49925 | 587 | 192.168.2.5 | 199.79.63.24 |
| Nov 25, 2024 07:09:52.139410019 CET | 587 | 49925 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:52.403913975 CET | 587 | 49925 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:52.404251099 CET | 49925 | 587 | 192.168.2.5 | 199.79.63.24 |
| Nov 25, 2024 07:09:52.523727894 CET | 587 | 49925 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:52.788863897 CET | 587 | 49925 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:52.807799101 CET | 49925 | 587 | 192.168.2.5 | 199.79.63.24 |
| Nov 25, 2024 07:09:52.927331924 CET | 587 | 49925 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:53.194047928 CET | 587 | 49925 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:53.194350004 CET | 49925 | 587 | 192.168.2.5 | 199.79.63.24 |
| Nov 25, 2024 07:09:53.313815117 CET | 587 | 49925 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:53.578747034 CET | 587 | 49925 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:53.578918934 CET | 49925 | 587 | 192.168.2.5 | 199.79.63.24 |
| Nov 25, 2024 07:09:53.698388100 CET | 587 | 49925 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:54.016118050 CET | 587 | 49925 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:54.017061949 CET | 49925 | 587 | 192.168.2.5 | 199.79.63.24 |
| Nov 25, 2024 07:09:54.136554003 CET | 587 | 49925 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:54.401535034 CET | 587 | 49925 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:54.405173063 CET | 49925 | 587 | 192.168.2.5 | 199.79.63.24 |
| Nov 25, 2024 07:09:54.405239105 CET | 49925 | 587 | 192.168.2.5 | 199.79.63.24 |
| Nov 25, 2024 07:09:54.405239105 CET | 49925 | 587 | 192.168.2.5 | 199.79.63.24 |
| Nov 25, 2024 07:09:54.405282974 CET | 49925 | 587 | 192.168.2.5 | 199.79.63.24 |
| Nov 25, 2024 07:09:54.405375004 CET | 49925 | 587 | 192.168.2.5 | 199.79.63.24 |
| Nov 25, 2024 07:09:54.405375004 CET | 49925 | 587 | 192.168.2.5 | 199.79.63.24 |
| Nov 25, 2024 07:09:54.405375004 CET | 49925 | 587 | 192.168.2.5 | 199.79.63.24 |
| Nov 25, 2024 07:09:54.405431986 CET | 49925 | 587 | 192.168.2.5 | 199.79.63.24 |
| Nov 25, 2024 07:09:54.524626970 CET | 587 | 49925 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:54.524682045 CET | 587 | 49925 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:54.524693012 CET | 587 | 49925 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:54.524888039 CET | 587 | 49925 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:54.524898052 CET | 587 | 49925 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:54.524908066 CET | 587 | 49925 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:54.525023937 CET | 587 | 49925 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:54.525033951 CET | 587 | 49925 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:54.525042057 CET | 587 | 49925 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:54.525053978 CET | 587 | 49925 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:54.799392939 CET | 587 | 49925 | 199.79.63.24 | 192.168.2.5 |
| Nov 25, 2024 07:09:54.848511934 CET | 49925 | 587 | 192.168.2.5 | 199.79.63.24 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Nov 25, 2024 07:08:39.852623940 CET | 55205 | 53 | 192.168.2.5 | 1.1.1.1 |
| Nov 25, 2024 07:08:40.866555929 CET | 55205 | 53 | 192.168.2.5 | 1.1.1.1 |
| Nov 25, 2024 07:08:41.037673950 CET | 53 | 55205 | 1.1.1.1 | 192.168.2.5 |
| Nov 25, 2024 07:08:41.037687063 CET | 53 | 55205 | 1.1.1.1 | 192.168.2.5 |
| Nov 25, 2024 07:08:44.351557016 CET | 56135 | 53 | 192.168.2.5 | 1.1.1.1 |
| Nov 25, 2024 07:08:44.490278959 CET | 53 | 56135 | 1.1.1.1 | 192.168.2.5 |
| Nov 25, 2024 07:08:49.371078014 CET | 61004 | 53 | 192.168.2.5 | 1.1.1.1 |
| Nov 25, 2024 07:08:49.511991978 CET | 53 | 61004 | 1.1.1.1 | 192.168.2.5 |
| Nov 25, 2024 07:09:25.145935059 CET | 63834 | 53 | 192.168.2.5 | 1.1.1.1 |
| Nov 25, 2024 07:09:25.283875942 CET | 53 | 63834 | 1.1.1.1 | 192.168.2.5 |
| Nov 25, 2024 07:09:33.158169985 CET | 62852 | 53 | 192.168.2.5 | 1.1.1.1 |
| Nov 25, 2024 07:09:34.160964966 CET | 62852 | 53 | 192.168.2.5 | 1.1.1.1 |
| Nov 25, 2024 07:09:34.282994032 CET | 53 | 62852 | 1.1.1.1 | 192.168.2.5 |
| Nov 25, 2024 07:09:34.297743082 CET | 53 | 62852 | 1.1.1.1 | 192.168.2.5 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Nov 25, 2024 07:08:39.852623940 CET | 192.168.2.5 | 1.1.1.1 | 0x9df6 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Nov 25, 2024 07:08:40.866555929 CET | 192.168.2.5 | 1.1.1.1 | 0x9df6 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Nov 25, 2024 07:08:44.351557016 CET | 192.168.2.5 | 1.1.1.1 | 0x43c9 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Nov 25, 2024 07:08:49.371078014 CET | 192.168.2.5 | 1.1.1.1 | 0x77b5 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Nov 25, 2024 07:09:25.145935059 CET | 192.168.2.5 | 1.1.1.1 | 0x6bb0 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Nov 25, 2024 07:09:33.158169985 CET | 192.168.2.5 | 1.1.1.1 | 0x2825 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Nov 25, 2024 07:09:34.160964966 CET | 192.168.2.5 | 1.1.1.1 | 0x2825 | Standard query (0) | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Nov 25, 2024 07:08:41.037673950 CET | 1.1.1.1 | 192.168.2.5 | 0x9df6 | No error (0) | 185.244.144.68 | A (IP address) | IN (0x0001) | false | ||
| Nov 25, 2024 07:08:41.037687063 CET | 1.1.1.1 | 192.168.2.5 | 0x9df6 | No error (0) | 185.244.144.68 | A (IP address) | IN (0x0001) | false | ||
| Nov 25, 2024 07:08:44.490278959 CET | 1.1.1.1 | 192.168.2.5 | 0x43c9 | No error (0) | checkip.dyndns.com | CNAME (Canonical name) | IN (0x0001) | false | ||
| Nov 25, 2024 07:08:44.490278959 CET | 1.1.1.1 | 192.168.2.5 | 0x43c9 | No error (0) | 193.122.130.0 | A (IP address) | IN (0x0001) | false | ||
| Nov 25, 2024 07:08:44.490278959 CET | 1.1.1.1 | 192.168.2.5 | 0x43c9 | No error (0) | 132.226.247.73 | A (IP address) | IN (0x0001) | false | ||
| Nov 25, 2024 07:08:44.490278959 CET | 1.1.1.1 | 192.168.2.5 | 0x43c9 | No error (0) | 193.122.6.168 | A (IP address) | IN (0x0001) | false | ||
| Nov 25, 2024 07:08:44.490278959 CET | 1.1.1.1 | 192.168.2.5 | 0x43c9 | No error (0) | 158.101.44.242 | A (IP address) | IN (0x0001) | false | ||
| Nov 25, 2024 07:08:44.490278959 CET | 1.1.1.1 | 192.168.2.5 | 0x43c9 | No error (0) | 132.226.8.169 | A (IP address) | IN (0x0001) | false | ||
| Nov 25, 2024 07:08:49.511991978 CET | 1.1.1.1 | 192.168.2.5 | 0x77b5 | No error (0) | 172.67.177.134 | A (IP address) | IN (0x0001) | false | ||
| Nov 25, 2024 07:08:49.511991978 CET | 1.1.1.1 | 192.168.2.5 | 0x77b5 | No error (0) | 104.21.67.152 | A (IP address) | IN (0x0001) | false | ||
| Nov 25, 2024 07:09:25.283875942 CET | 1.1.1.1 | 192.168.2.5 | 0x6bb0 | No error (0) | 149.154.167.220 | A (IP address) | IN (0x0001) | false | ||
| Nov 25, 2024 07:09:34.282994032 CET | 1.1.1.1 | 192.168.2.5 | 0x2825 | No error (0) | 199.79.63.24 | A (IP address) | IN (0x0001) | false | ||
| Nov 25, 2024 07:09:34.297743082 CET | 1.1.1.1 | 192.168.2.5 | 0x2825 | No error (0) | 199.79.63.24 | A (IP address) | IN (0x0001) | false |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.5 | 49751 | 185.244.144.68 | 80 | 7044 | C:\Users\user\Desktop\Shave.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Nov 25, 2024 07:08:41.167156935 CET | 182 | OUT | |
| Nov 25, 2024 07:08:42.598359108 CET | 299 | IN | |
| Nov 25, 2024 07:08:42.598884106 CET | 1236 | IN | |
| Nov 25, 2024 07:08:42.598901987 CET | 1236 | IN | |
| Nov 25, 2024 07:08:42.598913908 CET | 1236 | IN | |
| Nov 25, 2024 07:08:42.598927021 CET | 492 | IN | |
| Nov 25, 2024 07:08:42.599153042 CET | 1236 | IN | |
| Nov 25, 2024 07:08:42.599208117 CET | 1236 | IN | |
| Nov 25, 2024 07:08:42.599217892 CET | 1236 | IN | |
| Nov 25, 2024 07:08:42.599359989 CET | 492 | IN | |
| Nov 25, 2024 07:08:42.599371910 CET | 1236 | IN | |
| Nov 25, 2024 07:08:42.718547106 CET | 1236 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.5 | 49757 | 193.122.130.0 | 80 | 7044 | C:\Users\user\Desktop\Shave.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Nov 25, 2024 07:08:44.617152929 CET | 151 | OUT | |
| Nov 25, 2024 07:08:48.664309978 CET | 320 | IN | |
| Nov 25, 2024 07:08:48.668427944 CET | 127 | OUT | |
| Nov 25, 2024 07:08:49.011686087 CET | 320 | IN | |
| Nov 25, 2024 07:08:51.303636074 CET | 127 | OUT | |
| Nov 25, 2024 07:08:51.666965961 CET | 320 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 2 | 192.168.2.5 | 49779 | 193.122.130.0 | 80 | 7044 | C:\Users\user\Desktop\Shave.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Nov 25, 2024 07:08:53.514131069 CET | 127 | OUT | |
| Nov 25, 2024 07:08:57.096506119 CET | 320 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 3 | 192.168.2.5 | 49796 | 193.122.130.0 | 80 | 7044 | C:\Users\user\Desktop\Shave.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Nov 25, 2024 07:08:59.003117085 CET | 151 | OUT | |
| Nov 25, 2024 07:09:00.533708096 CET | 320 | IN | |
| Nov 25, 2024 07:09:01.034914970 CET | 320 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 4 | 192.168.2.5 | 49805 | 193.122.130.0 | 80 | 7044 | C:\Users\user\Desktop\Shave.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Nov 25, 2024 07:09:02.749855042 CET | 151 | OUT | |
| Nov 25, 2024 07:09:04.541706085 CET | 320 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 5 | 192.168.2.5 | 49816 | 193.122.130.0 | 80 | 7044 | C:\Users\user\Desktop\Shave.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Nov 25, 2024 07:09:06.439815998 CET | 151 | OUT | |
| Nov 25, 2024 07:09:10.335251093 CET | 320 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 6 | 192.168.2.5 | 49830 | 193.122.130.0 | 80 | 7044 | C:\Users\user\Desktop\Shave.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Nov 25, 2024 07:09:12.230806112 CET | 151 | OUT | |
| Nov 25, 2024 07:09:16.540504932 CET | 320 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 7 | 192.168.2.5 | 49846 | 193.122.130.0 | 80 | 7044 | C:\Users\user\Desktop\Shave.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Nov 25, 2024 07:09:18.494518042 CET | 151 | OUT | |
| Nov 25, 2024 07:09:19.742892981 CET | 320 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 8 | 192.168.2.5 | 49857 | 193.122.130.0 | 80 | 7044 | C:\Users\user\Desktop\Shave.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Nov 25, 2024 07:09:21.580137014 CET | 151 | OUT | |
| Nov 25, 2024 07:09:23.377048969 CET | 320 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.5 | 49771 | 172.67.177.134 | 443 | 7044 | C:\Users\user\Desktop\Shave.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-11-25 06:08:50 UTC | 84 | OUT | |
| 2024-11-25 06:08:51 UTC | 849 | IN | |
| 2024-11-25 06:08:51 UTC | 361 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.5 | 49777 | 172.67.177.134 | 443 | 7044 | C:\Users\user\Desktop\Shave.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-11-25 06:08:52 UTC | 60 | OUT | |
| 2024-11-25 06:08:53 UTC | 847 | IN | |
| 2024-11-25 06:08:53 UTC | 361 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 2 | 192.168.2.5 | 49790 | 172.67.177.134 | 443 | 7044 | C:\Users\user\Desktop\Shave.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-11-25 06:08:58 UTC | 84 | OUT | |
| 2024-11-25 06:08:58 UTC | 855 | IN | |
| 2024-11-25 06:08:58 UTC | 361 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 3 | 192.168.2.5 | 49801 | 172.67.177.134 | 443 | 7044 | C:\Users\user\Desktop\Shave.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-11-25 06:09:02 UTC | 84 | OUT | |
| 2024-11-25 06:09:02 UTC | 855 | IN | |
| 2024-11-25 06:09:02 UTC | 361 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 4 | 192.168.2.5 | 49811 | 172.67.177.134 | 443 | 7044 | C:\Users\user\Desktop\Shave.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-11-25 06:09:05 UTC | 84 | OUT | |
| 2024-11-25 06:09:06 UTC | 852 | IN | |
| 2024-11-25 06:09:06 UTC | 361 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 5 | 192.168.2.5 | 49827 | 172.67.177.134 | 443 | 7044 | C:\Users\user\Desktop\Shave.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-11-25 06:09:11 UTC | 84 | OUT | |
| 2024-11-25 06:09:11 UTC | 853 | IN | |
| 2024-11-25 06:09:11 UTC | 361 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 6 | 192.168.2.5 | 49840 | 172.67.177.134 | 443 | 7044 | C:\Users\user\Desktop\Shave.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-11-25 06:09:17 UTC | 84 | OUT | |
| 2024-11-25 06:09:18 UTC | 859 | IN | |
| 2024-11-25 06:09:18 UTC | 361 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 7 | 192.168.2.5 | 49851 | 172.67.177.134 | 443 | 7044 | C:\Users\user\Desktop\Shave.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-11-25 06:09:20 UTC | 84 | OUT | |
| 2024-11-25 06:09:21 UTC | 857 | IN | |
| 2024-11-25 06:09:21 UTC | 361 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 8 | 192.168.2.5 | 49859 | 172.67.177.134 | 443 | 7044 | C:\Users\user\Desktop\Shave.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-11-25 06:09:24 UTC | 84 | OUT | |
| 2024-11-25 06:09:25 UTC | 855 | IN | |
| 2024-11-25 06:09:25 UTC | 361 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 9 | 192.168.2.5 | 49865 | 149.154.167.220 | 443 | 7044 | C:\Users\user\Desktop\Shave.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-11-25 06:09:26 UTC | 349 | OUT | |
| 2024-11-25 06:09:27 UTC | 344 | IN | |
| 2024-11-25 06:09:27 UTC | 55 | IN |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands |
|---|---|---|---|---|---|
| Nov 25, 2024 07:09:35.713319063 CET | 587 | 49886 | 199.79.63.24 | 192.168.2.5 | 220-bh-58.webhostbox.net ESMTP Exim 4.96.2 #2 Mon, 25 Nov 2024 11:39:35 +0530 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail. |
| Nov 25, 2024 07:09:35.713610888 CET | 49886 | 587 | 192.168.2.5 | 199.79.63.24 | EHLO 899552 |
| Nov 25, 2024 07:09:36.107814074 CET | 587 | 49886 | 199.79.63.24 | 192.168.2.5 | 250-bh-58.webhostbox.net Hello 899552 [8.46.123.75] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP |
| Nov 25, 2024 07:09:36.108850002 CET | 49886 | 587 | 192.168.2.5 | 199.79.63.24 | AUTH login bXVrZXNoQGNpcG1hY2guY29t |
| Nov 25, 2024 07:09:36.503189087 CET | 587 | 49886 | 199.79.63.24 | 192.168.2.5 | 334 UGFzc3dvcmQ6 |
| Nov 25, 2024 07:09:37.025199890 CET | 587 | 49886 | 199.79.63.24 | 192.168.2.5 | 235 Authentication succeeded |
| Nov 25, 2024 07:09:37.025454998 CET | 49886 | 587 | 192.168.2.5 | 199.79.63.24 | MAIL FROM:<mukesh@cipmach.com> |
| Nov 25, 2024 07:09:37.421365976 CET | 587 | 49886 | 199.79.63.24 | 192.168.2.5 | 250 OK |
| Nov 25, 2024 07:09:37.421561003 CET | 49886 | 587 | 192.168.2.5 | 199.79.63.24 | RCPT TO:<py.thonk@yandex.com> |
| Nov 25, 2024 07:09:37.854011059 CET | 587 | 49886 | 199.79.63.24 | 192.168.2.5 | 250 Accepted |
| Nov 25, 2024 07:09:37.854224920 CET | 49886 | 587 | 192.168.2.5 | 199.79.63.24 | DATA |
| Nov 25, 2024 07:09:38.252501965 CET | 587 | 49886 | 199.79.63.24 | 192.168.2.5 | 354 Enter message, ending with "." on a line by itself |
| Nov 25, 2024 07:09:38.253202915 CET | 49886 | 587 | 192.168.2.5 | 199.79.63.24 | . |
| Nov 25, 2024 07:09:38.752681017 CET | 587 | 49886 | 199.79.63.24 | 192.168.2.5 | 250 OK id=1tFSHy-000O7a-0A |
| Nov 25, 2024 07:09:38.754858017 CET | 49886 | 587 | 192.168.2.5 | 199.79.63.24 | QUIT |
| Nov 25, 2024 07:09:39.350253105 CET | 587 | 49886 | 199.79.63.24 | 192.168.2.5 | 221 bh-58.webhostbox.net closing connection |
| Nov 25, 2024 07:09:40.791296959 CET | 587 | 49898 | 199.79.63.24 | 192.168.2.5 | 220-bh-58.webhostbox.net ESMTP Exim 4.96.2 #2 Mon, 25 Nov 2024 11:39:40 +0530 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail. |
| Nov 25, 2024 07:09:40.791568995 CET | 49898 | 587 | 192.168.2.5 | 199.79.63.24 | EHLO 899552 |
| Nov 25, 2024 07:09:41.186019897 CET | 587 | 49898 | 199.79.63.24 | 192.168.2.5 | 250-bh-58.webhostbox.net Hello 899552 [8.46.123.75] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP |
| Nov 25, 2024 07:09:41.186201096 CET | 49898 | 587 | 192.168.2.5 | 199.79.63.24 | AUTH login bXVrZXNoQGNpcG1hY2guY29t |
| Nov 25, 2024 07:09:41.580845118 CET | 587 | 49898 | 199.79.63.24 | 192.168.2.5 | 334 UGFzc3dvcmQ6 |
| Nov 25, 2024 07:09:42.012026072 CET | 587 | 49898 | 199.79.63.24 | 192.168.2.5 | 235 Authentication succeeded |
| Nov 25, 2024 07:09:42.012243986 CET | 49898 | 587 | 192.168.2.5 | 199.79.63.24 | MAIL FROM:<mukesh@cipmach.com> |
| Nov 25, 2024 07:09:42.406829119 CET | 587 | 49898 | 199.79.63.24 | 192.168.2.5 | 250 OK |
| Nov 25, 2024 07:09:42.406996965 CET | 49898 | 587 | 192.168.2.5 | 199.79.63.24 | RCPT TO:<py.thonk@yandex.com> |
| Nov 25, 2024 07:09:42.838032007 CET | 587 | 49898 | 199.79.63.24 | 192.168.2.5 | 250 Accepted |
| Nov 25, 2024 07:09:42.838196039 CET | 49898 | 587 | 192.168.2.5 | 199.79.63.24 | DATA |
| Nov 25, 2024 07:09:43.232280970 CET | 587 | 49898 | 199.79.63.24 | 192.168.2.5 | 354 Enter message, ending with "." on a line by itself |
| Nov 25, 2024 07:09:43.233875990 CET | 49898 | 587 | 192.168.2.5 | 199.79.63.24 | . |
| Nov 25, 2024 07:09:43.636759996 CET | 587 | 49898 | 199.79.63.24 | 192.168.2.5 | 250 OK id=1tFSI3-000OA6-07 |
| Nov 25, 2024 07:09:45.156111956 CET | 49898 | 587 | 192.168.2.5 | 199.79.63.24 | QUIT |
| Nov 25, 2024 07:09:45.751384020 CET | 587 | 49898 | 199.79.63.24 | 192.168.2.5 | 221 bh-58.webhostbox.net closing connection |
| Nov 25, 2024 07:09:47.061172962 CET | 587 | 49913 | 199.79.63.24 | 192.168.2.5 | 220-bh-58.webhostbox.net ESMTP Exim 4.96.2 #2 Mon, 25 Nov 2024 11:39:46 +0530 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail. |
| Nov 25, 2024 07:09:47.061311960 CET | 49913 | 587 | 192.168.2.5 | 199.79.63.24 | EHLO 899552 |
| Nov 25, 2024 07:09:47.437448978 CET | 587 | 49913 | 199.79.63.24 | 192.168.2.5 | 250-bh-58.webhostbox.net Hello 899552 [8.46.123.75] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP |
| Nov 25, 2024 07:09:47.437622070 CET | 49913 | 587 | 192.168.2.5 | 199.79.63.24 | AUTH login bXVrZXNoQGNpcG1hY2guY29t |
| Nov 25, 2024 07:09:48.019036055 CET | 587 | 49913 | 199.79.63.24 | 192.168.2.5 | 334 UGFzc3dvcmQ6 |
| Nov 25, 2024 07:09:48.397633076 CET | 587 | 49913 | 199.79.63.24 | 192.168.2.5 | 235 Authentication succeeded |
| Nov 25, 2024 07:09:48.397772074 CET | 49913 | 587 | 192.168.2.5 | 199.79.63.24 | MAIL FROM:<mukesh@cipmach.com> |
| Nov 25, 2024 07:09:48.773571968 CET | 587 | 49913 | 199.79.63.24 | 192.168.2.5 | 250 OK |
| Nov 25, 2024 07:09:48.777089119 CET | 49913 | 587 | 192.168.2.5 | 199.79.63.24 | RCPT TO:<py.thonk@yandex.com> |
| Nov 25, 2024 07:09:49.209161997 CET | 587 | 49913 | 199.79.63.24 | 192.168.2.5 | 250 Accepted |
| Nov 25, 2024 07:09:49.209316015 CET | 49913 | 587 | 192.168.2.5 | 199.79.63.24 | DATA |
| Nov 25, 2024 07:09:49.585128069 CET | 587 | 49913 | 199.79.63.24 | 192.168.2.5 | 354 Enter message, ending with "." on a line by itself |
| Nov 25, 2024 07:09:49.585777998 CET | 49913 | 587 | 192.168.2.5 | 199.79.63.24 | . |
| Nov 25, 2024 07:09:50.068130970 CET | 587 | 49913 | 199.79.63.24 | 192.168.2.5 | 250 OK id=1tFSI9-000OD1-1H |
| Nov 25, 2024 07:09:50.069581032 CET | 49913 | 587 | 192.168.2.5 | 199.79.63.24 | QUIT |
| Nov 25, 2024 07:09:50.646209002 CET | 587 | 49913 | 199.79.63.24 | 192.168.2.5 | 221 bh-58.webhostbox.net closing connection |
| Nov 25, 2024 07:09:52.019323111 CET | 587 | 49925 | 199.79.63.24 | 192.168.2.5 | 220-bh-58.webhostbox.net ESMTP Exim 4.96.2 #2 Mon, 25 Nov 2024 11:39:51 +0530 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail. |
| Nov 25, 2024 07:09:52.019478083 CET | 49925 | 587 | 192.168.2.5 | 199.79.63.24 | EHLO 899552 |
| Nov 25, 2024 07:09:52.403913975 CET | 587 | 49925 | 199.79.63.24 | 192.168.2.5 | 250-bh-58.webhostbox.net Hello 899552 [8.46.123.75] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP |
| Nov 25, 2024 07:09:52.404251099 CET | 49925 | 587 | 192.168.2.5 | 199.79.63.24 | AUTH login bXVrZXNoQGNpcG1hY2guY29t |
| Nov 25, 2024 07:09:52.788863897 CET | 587 | 49925 | 199.79.63.24 | 192.168.2.5 | 334 UGFzc3dvcmQ6 |
| Nov 25, 2024 07:09:53.194047928 CET | 587 | 49925 | 199.79.63.24 | 192.168.2.5 | 235 Authentication succeeded |
| Nov 25, 2024 07:09:53.194350004 CET | 49925 | 587 | 192.168.2.5 | 199.79.63.24 | MAIL FROM:<mukesh@cipmach.com> |
| Nov 25, 2024 07:09:53.578747034 CET | 587 | 49925 | 199.79.63.24 | 192.168.2.5 | 250 OK |
| Nov 25, 2024 07:09:53.578918934 CET | 49925 | 587 | 192.168.2.5 | 199.79.63.24 | RCPT TO:<py.thonk@yandex.com> |
| Nov 25, 2024 07:09:54.016118050 CET | 587 | 49925 | 199.79.63.24 | 192.168.2.5 | 250 Accepted |
| Nov 25, 2024 07:09:54.017061949 CET | 49925 | 587 | 192.168.2.5 | 199.79.63.24 | DATA |
| Nov 25, 2024 07:09:54.401535034 CET | 587 | 49925 | 199.79.63.24 | 192.168.2.5 | 354 Enter message, ending with "." on a line by itself |
| Nov 25, 2024 07:09:54.405431986 CET | 49925 | 587 | 192.168.2.5 | 199.79.63.24 | . |
| Nov 25, 2024 07:09:54.799392939 CET | 587 | 49925 | 199.79.63.24 | 192.168.2.5 | 250 OK id=1tFSIE-000OFW-0f |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 01:07:58 |
| Start date: | 25/11/2024 |
| Path: | C:\Users\user\Desktop\Shave.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x400000 |
| File size: | 549'424 bytes |
| MD5 hash: | 51000C141B602569CF44B0F8BEC9ECB8 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | low |
| Has exited: | true |
| Target ID: | 3 |
| Start time: | 01:08:29 |
| Start date: | 25/11/2024 |
| Path: | C:\Users\user\Desktop\Shave.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x400000 |
| File size: | 549'424 bytes |
| MD5 hash: | 51000C141B602569CF44B0F8BEC9ECB8 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | low |
| Has exited: | false |
Execution Graph
| Execution Coverage: | 19.2% |
| Dynamic/Decrypted Code Coverage: | 0% |
| Signature Coverage: | 19.5% |
| Total number of Nodes: | 1562 |
| Total number of Limit Nodes: | 39 |
Graph
Function 0040336C Relevance: 86.2, APIs: 32, Strings: 17, Instructions: 410stringfilecomCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404C7B Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 481windowmemoryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 6F971B63 Relevance: 20.1, APIs: 13, Instructions: 576stringlibrarymemoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004059A9 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 148filestringCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00403987 Relevance: 47.5, APIs: 14, Strings: 13, Instructions: 215stringregistryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004062B9 Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 209stringCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040176F Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 145stringtimeCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406601 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36libraryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004023E4 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 64registrystringCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405273 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401FFA Relevance: 4.6, APIs: 3, Instructions: 99COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401B77 Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 72memoryCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402032 Relevance: 4.6, APIs: 3, Instructions: 56libraryCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 6F972A74 Relevance: 3.2, APIs: 2, Instructions: 156fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401E49 Relevance: 3.0, APIs: 2, Instructions: 25COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405D8D Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405D68 Relevance: 3.0, APIs: 2, Instructions: 13COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040584B Relevance: 3.0, APIs: 2, Instructions: 9COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405E10 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405E3F Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 6F972997 Relevance: 1.5, APIs: 1, Instructions: 21memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004015A3 Relevance: 1.5, APIs: 1, Instructions: 18COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404243 Relevance: 1.5, APIs: 1, Instructions: 6windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00403324 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004014D7 Relevance: 1.3, APIs: 1, Instructions: 19sleepCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040543E Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 284windowclipboardmemoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004046FF Relevance: 23.0, APIs: 10, Strings: 3, Instructions: 275stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402868 Relevance: 1.5, APIs: 1, Instructions: 30fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004043CD Relevance: 38.7, APIs: 19, Strings: 3, Instructions: 204windowstringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405EE3 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 130memorystringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404275 Relevance: 12.1, APIs: 8, Instructions: 68COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040264A Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 153fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404BC9 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402DF3 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40timeCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 6F97256D Relevance: 9.1, APIs: 6, Instructions: 109COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402598 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 69stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 6F9718DD Relevance: 7.7, APIs: 5, Instructions: 194COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 6F972398 Relevance: 7.6, APIs: 5, Instructions: 135memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 6F971621 Relevance: 7.5, APIs: 5, Instructions: 41memorylibraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401D5D Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401C1F Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404ABB Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84stringCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405B6C Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402E79 Relevance: 6.0, APIs: 4, Instructions: 33COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405C74 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406165 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44registryCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405880 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405BB8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 6F9710E1 Relevance: 5.1, APIs: 4, Instructions: 104memoryCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405CF2 Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 001529E0 Relevance: 8.2, Strings: 6, Instructions: 685COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00155362 Relevance: 6.4, Strings: 5, Instructions: 195COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0015C468 Relevance: 6.4, Strings: 5, Instructions: 191COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0015C19B Relevance: 6.4, Strings: 5, Instructions: 188COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0015D278 Relevance: 6.4, Strings: 5, Instructions: 188COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0015CA08 Relevance: 6.4, Strings: 5, Instructions: 187COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0015CCD8 Relevance: 6.4, Strings: 5, Instructions: 186COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0015C738 Relevance: 6.4, Strings: 5, Instructions: 185COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0015CFAC Relevance: 6.4, Strings: 5, Instructions: 185COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00159DE0 Relevance: 6.1, Strings: 4, Instructions: 1137COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00156FC8 Relevance: 5.5, Strings: 4, Instructions: 451COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 38315028 Relevance: 4.3, Strings: 1, Instructions: 3069COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 379F5CB6 Relevance: 3.6, Strings: 2, Instructions: 1110COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 379F3FB2 Relevance: 3.6, Strings: 2, Instructions: 1102COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 001569A0 Relevance: 3.0, Strings: 2, Instructions: 515COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04B081D0 Relevance: 2.7, Strings: 2, Instructions: 182COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04B35FD8 Relevance: 1.6, Strings: 1, Instructions: 300COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04B0E9D8 Relevance: 1.5, Strings: 1, Instructions: 272COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04B08FB0 Relevance: 1.5, Strings: 1, Instructions: 272COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04B5D710 Relevance: .7, Instructions: 745COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 38319328 Relevance: .5, Instructions: 532COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04B07B78 Relevance: .3, Instructions: 296COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04B36678 Relevance: .3, Instructions: 292COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04E41CF0 Relevance: .3, Instructions: 292COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 38312968 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3831D9A8 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3831DE00 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 379F0D88 Relevance: .2, Instructions: 220COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 379F3008 Relevance: .2, Instructions: 220COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 379F2238 Relevance: .2, Instructions: 220COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 379F2920 Relevance: .2, Instructions: 220COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 379F1B50 Relevance: .2, Instructions: 220COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 38312DC8 Relevance: .2, Instructions: 220COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 38311E80 Relevance: .2, Instructions: 220COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 379F1470 Relevance: .2, Instructions: 219COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 379F36F0 Relevance: .2, Instructions: 219COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 383117A0 Relevance: .2, Instructions: 219COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 38312DC2 Relevance: .2, Instructions: 218COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3831310E Relevance: .2, Instructions: 202COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3831FC68 Relevance: .2, Instructions: 200COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04B570C0 Relevance: .2, Instructions: 200COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04E48470 Relevance: .2, Instructions: 200COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04E4FB30 Relevance: .2, Instructions: 200COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 379F36E1 Relevance: .2, Instructions: 166COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 379F1460 Relevance: .2, Instructions: 166COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3831178F Relevance: .2, Instructions: 165COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0015E97C Relevance: .1, Instructions: 149COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0015E988 Relevance: .1, Instructions: 147COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04B35FC7 Relevance: .1, Instructions: 123COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 379F1B3F Relevance: .1, Instructions: 115COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04B07B77 Relevance: .1, Instructions: 110COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 379F2911 Relevance: .1, Instructions: 109COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 38311E70 Relevance: .1, Instructions: 109COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 379F0D78 Relevance: .1, Instructions: 108COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04B0E9C8 Relevance: .1, Instructions: 108COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04B07B69 Relevance: .1, Instructions: 108COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 379F2FF8 Relevance: .1, Instructions: 107COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04B36609 Relevance: .1, Instructions: 107COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 379F2229 Relevance: .1, Instructions: 106COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04B36668 Relevance: .1, Instructions: 103COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04B08FA1 Relevance: .1, Instructions: 102COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04E41CE0 Relevance: .1, Instructions: 99COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3831D999 Relevance: .1, Instructions: 98COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3831DDFF Relevance: .1, Instructions: 95COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3831DDF1 Relevance: .1, Instructions: 94COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 001576F1 Relevance: 10.5, Strings: 8, Instructions: 475COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 38313FE8 Relevance: 6.6, Strings: 5, Instructions: 394COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 38313A50 Relevance: 5.2, Strings: 4, Instructions: 231COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04B09841 Relevance: 4.0, Strings: 3, Instructions: 239COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04B09850 Relevance: 4.0, Strings: 3, Instructions: 232COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 379F60C4 Relevance: 3.3, Strings: 2, Instructions: 772COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 379F43A7 Relevance: 3.3, Strings: 2, Instructions: 771COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 379F60C2 Relevance: 3.3, Strings: 2, Instructions: 769COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 379F43A5 Relevance: 3.3, Strings: 2, Instructions: 768COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00158490 Relevance: 3.2, Strings: 2, Instructions: 703COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 379F475F Relevance: 3.1, Strings: 2, Instructions: 590COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 379F6493 Relevance: 3.1, Strings: 2, Instructions: 586COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00155F38 Relevance: 2.8, Strings: 2, Instructions: 327COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04B5E950 Relevance: 2.7, Strings: 2, Instructions: 239COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00156498 Relevance: 2.7, Strings: 2, Instructions: 232COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04B08A68 Relevance: 2.7, Strings: 2, Instructions: 211COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04B09CD7 Relevance: 2.6, Strings: 2, Instructions: 142COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 38314351 Relevance: 2.6, Strings: 2, Instructions: 101COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 38314385 Relevance: 2.6, Strings: 2, Instructions: 100COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00159D59 Relevance: 2.5, Strings: 2, Instructions: 44COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00150CA0 Relevance: 1.8, Strings: 1, Instructions: 539COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 38314790 Relevance: 1.4, Strings: 1, Instructions: 116COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0015AFD7 Relevance: 1.3, Strings: 1, Instructions: 91COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 383148D0 Relevance: 1.3, Strings: 1, Instructions: 88COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00152790 Relevance: 1.3, Strings: 1, Instructions: 88COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0015E018 Relevance: .6, Instructions: 647COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 38314A68 Relevance: .2, Instructions: 211COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 001580D8 Relevance: .2, Instructions: 201COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04B094E1 Relevance: .2, Instructions: 182COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04B5D700 Relevance: .2, Instructions: 178COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04B094F0 Relevance: .2, Instructions: 174COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04B5D410 Relevance: .2, Instructions: 171COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04B573E0 Relevance: .2, Instructions: 171COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04E481E8 Relevance: .2, Instructions: 171COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04E421B8 Relevance: .2, Instructions: 171COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04E45968 Relevance: .2, Instructions: 171COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0015F71F Relevance: .2, Instructions: 154COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 379F55E2 Relevance: .1, Instructions: 148COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0015D548 Relevance: .1, Instructions: 140COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04B08A59 Relevance: .1, Instructions: 126COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0015A303 Relevance: .1, Instructions: 124COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04B5FB37 Relevance: .1, Instructions: 116COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04B5FB48 Relevance: .1, Instructions: 111COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00159C30 Relevance: .1, Instructions: 107COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04E4FB22 Relevance: .1, Instructions: 106COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04B5E588 Relevance: .1, Instructions: 104COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00155658 Relevance: .1, Instructions: 101COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04B573D0 Relevance: .1, Instructions: 99COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04E48461 Relevance: .1, Instructions: 99COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04B5D401 Relevance: .1, Instructions: 98COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04B09F88 Relevance: .1, Instructions: 96COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04B570AF Relevance: .1, Instructions: 95COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04E481DA Relevance: .1, Instructions: 95COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04E421A7 Relevance: .1, Instructions: 95COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04E45958 Relevance: .1, Instructions: 95COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3831FC5E Relevance: .1, Instructions: 94COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00158370 Relevance: .1, Instructions: 92COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 001541A0 Relevance: .1, Instructions: 91COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00158380 Relevance: .1, Instructions: 87COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 379F3E98 Relevance: .1, Instructions: 81COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04B09EA9 Relevance: .1, Instructions: 80COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 379F54D8 Relevance: .1, Instructions: 78COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 001528F0 Relevance: .1, Instructions: 77COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00156300 Relevance: .1, Instructions: 74COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00155649 Relevance: .1, Instructions: 69COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04B08C4A Relevance: .1, Instructions: 68COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00154285 Relevance: .1, Instructions: 68COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04B09EB0 Relevance: .1, Instructions: 67COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00159761 Relevance: .1, Instructions: 65COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 38314632 Relevance: .1, Instructions: 64COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3831992C Relevance: .1, Instructions: 62COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 001562F0 Relevance: .1, Instructions: 62COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04B5EBE2 Relevance: .1, Instructions: 60COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0015F640 Relevance: .1, Instructions: 60COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 38314C00 Relevance: .1, Instructions: 57COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 001527F0 Relevance: .1, Instructions: 57COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04B087A8 Relevance: .1, Instructions: 55COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04B08431 Relevance: .1, Instructions: 54COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04B08EF1 Relevance: .1, Instructions: 54COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0015F650 Relevance: .1, Instructions: 54COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 383149E0 Relevance: .1, Instructions: 53COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00155E98 Relevance: .1, Instructions: 52COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 38313248 Relevance: .1, Instructions: 51COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 38313258 Relevance: .0, Instructions: 46COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 38314640 Relevance: .0, Instructions: 46COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0015E8E8 Relevance: .0, Instructions: 44COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0015ABE0 Relevance: .0, Instructions: 44COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 38314C98 Relevance: .0, Instructions: 42COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04B5EB58 Relevance: .0, Instructions: 37COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 383144CF Relevance: .0, Instructions: 36COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04B5E690 Relevance: .0, Instructions: 35COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0015AF36 Relevance: .0, Instructions: 34COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 38314990 Relevance: .0, Instructions: 33COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04B5E6A0 Relevance: .0, Instructions: 33COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00156739 Relevance: .0, Instructions: 20COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00159C41 Relevance: .0, Instructions: 20COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 001528B0 Relevance: .0, Instructions: 19COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 001528AB Relevance: .0, Instructions: 18COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00158EF8 Relevance: .0, Instructions: 18COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 38314A40 Relevance: .0, Instructions: 17COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0015D6D4 Relevance: .0, Instructions: 16COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0015AFAD Relevance: .0, Instructions: 16COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00156748 Relevance: .0, Instructions: 12COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404C7B Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 481windowmemoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 379F0040 Relevance: 23.0, Strings: 18, Instructions: 461COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004059A9 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 148filestringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 379F0006 Relevance: 12.9, Strings: 10, Instructions: 390COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 379F0A10 Relevance: 2.7, Strings: 2, Instructions: 222COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 379F0A01 Relevance: 2.6, Strings: 2, Instructions: 133COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 38310040 Relevance: 1.8, Strings: 1, Instructions: 596COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04B356B8 Relevance: 1.5, Strings: 1, Instructions: 272COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04B32DA8 Relevance: 1.5, Strings: 1, Instructions: 272COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04B34D98 Relevance: 1.5, Strings: 1, Instructions: 272COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04B31280 Relevance: 1.5, Strings: 1, Instructions: 272COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04B32488 Relevance: 1.5, Strings: 1, Instructions: 272COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04B30DF0 Relevance: 1.5, Strings: 1, Instructions: 272COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04B31FF8 Relevance: 1.5, Strings: 1, Instructions: 272COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04B33FE8 Relevance: 1.5, Strings: 1, Instructions: 272COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04B304D0 Relevance: 1.5, Strings: 1, Instructions: 272COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04B336C8 Relevance: 1.5, Strings: 1, Instructions: 272COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 38310B30 Relevance: .7, Instructions: 709COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04B3FAB0 Relevance: .3, Instructions: 292COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04B38CB8 Relevance: .3, Instructions: 292COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04B3A4A0 Relevance: .3, Instructions: 292COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04B3CFA8 Relevance: .3, Instructions: 292COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04B3E790 Relevance: .3, Instructions: 292COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04B37998 Relevance: .3, Instructions: 292COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04B39180 Relevance: .3, Instructions: 292COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04B3BC88 Relevance: .3, Instructions: 292COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04B387F0 Relevance: .3, Instructions: 292COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04B3B2F8 Relevance: .3, Instructions: 292COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04B3CAE0 Relevance: .3, Instructions: 292COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04B3F5E8 Relevance: .3, Instructions: 292COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04B374D0 Relevance: .3, Instructions: 292COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04B39FD8 Relevance: .3, Instructions: 292COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04B3B7C0 Relevance: .3, Instructions: 292COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04B3E2C8 Relevance: .3, Instructions: 292COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3831F810 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3831CCA0 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3831D0F8 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3831D550 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3831E258 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3831E6B0 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3831EB08 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3831EF60 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 3831F3B8 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04B31BA0 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 379F50C7 Relevance: .2, Instructions: 197COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 379F0D26 Relevance: .0, Instructions: 17COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040543E Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 284windowclipboardmemoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00403987 Relevance: 37.0, APIs: 13, Strings: 8, Instructions: 215stringregistryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004043CD Relevance: 37.0, APIs: 19, Strings: 2, Instructions: 204windowstringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405EE3 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 130memorystringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040336C Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 80stringCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004046FF Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 275stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004062B9 Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 209stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402F6B Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 138memoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404275 Relevance: 12.1, APIs: 8, Instructions: 68COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040264A Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 153fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404BC9 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402DF3 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40timeCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406601 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36libraryCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401DB9 Relevance: 7.5, APIs: 5, Instructions: 43COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401D5D Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401C1F Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404ABB Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84stringCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004057CE Relevance: 6.0, APIs: 4, Instructions: 39COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402E79 Relevance: 6.0, APIs: 4, Instructions: 33COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405C74 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405273 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405CF2 Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|