Edit tour
Windows
Analysis Report
sgJV11UlDP.exe
Overview
General Information
| Sample name: | sgJV11UlDP.exerenamed because original name is a hash value |
| Original sample name: | f3a3332b13baa50c41644b86efdf0fe4.exe |
| Analysis ID: | 1534200 |
| MD5: | f3a3332b13baa50c41644b86efdf0fe4 |
| SHA1: | f3b91aa55b8dce62cb614e2a43d8e3973b1d47b6 |
| SHA256: | 7fd5435121f2cb4320b1bc49400152ec3fecce7f5ce0acce56f32c327126c970 |
| Tags: | 32exe |
| Infos: |   |
 | |
Detection
GuLoader, XWorm
| Score: | 100 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Found malware configuration
Suricata IDS alerts for network traffic
Yara detected GuLoader
Yara detected XWorm
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Drops PE files with a suspicious file extension
Sigma detected: New RUN Key Pointing to Suspicious Folder
Switches to a custom stack to bypass stack traces
Tries to detect virtualization through RDTSC time measurements
Uses dynamic DNS services
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to dynamically determine API calls
Contains functionality to shutdown / reboot the system
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Classification
- System is w10x64
sgJV11UlDP.exe (PID: 3488 cmdline:
"C:\Users\ user\Deskt op\sgJV11U lDP.exe" MD5: F3A3332B13BAA50C41644B86EFDF0FE4) "C:\Users\ user\Deskt op\sgJV11U lDP.exe" MD5: F3A3332B13BAA50C41644B86EFDF0FE4)
- cleanup
| Name | Description | Attribution | Blogpost URLs | Link |
|---|---|---|---|---|
| CloudEyE, GuLoader | CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored. | No Attribution |
| Name | Description | Attribution | Blogpost URLs | Link |
|---|---|---|---|---|
| XWorm | Malware with wide range of capabilities ranging from RAT to ransomware. | No Attribution |
{"C2 url": ["xwor3july.duckdns.org"], "Port": "9402", "Aes key": "<Xwormmm>", "SPL": "<Xwormmm>", "Install file": "USB.exe", "Version": "XWorm V3.1"}| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_XWorm | Yara detected XWorm | Joe Security | ||
| JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security | ||
| JoeSecurity_XWorm | Yara detected XWorm | Joe Security |
System Summary |   |
|---|
| Source: | Author: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing: | ||
| Source: | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): | ||
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-10-15T17:45:25.554637+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:45:32.651049+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:45:45.326150+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:45:55.596783+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:45:58.027618+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:46:08.136615+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:46:17.332459+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:46:23.501557+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:46:24.501602+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:46:25.546587+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:46:28.753111+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:46:33.517713+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:46:41.664779+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:46:42.623753+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:46:43.149064+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:46:43.518716+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:46:45.296248+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:46:45.537363+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:46:46.446363+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:46:48.771067+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:46:49.096956+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:46:49.437617+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:46:51.292180+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:46:51.417152+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:46:51.544193+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:46:52.246429+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:46:52.529898+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:46:53.138612+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:46:53.259764+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:46:54.327185+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:46:54.790711+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:46:55.568571+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:46:56.004986+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:46:57.671109+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:46:58.719544+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:46:58.840031+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:46:59.527377+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:46:59.739535+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:01.244556+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:02.307098+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:02.479914+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:04.145716+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:04.678849+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:04.803326+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:05.312029+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:05.431719+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:05.555104+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:06.084539+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:07.213714+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:08.868926+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:09.127357+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:09.387002+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:09.543030+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:09.851333+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:11.138291+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:11.475118+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:13.364947+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:16.353023+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:16.669405+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:16.964895+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:17.290407+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:17.672075+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:17.954329+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:20.575322+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:20.883903+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:21.216954+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:21.666070+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:22.169730+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:24.192264+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:24.311776+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:24.573479+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:25.270358+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:25.393549+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:25.570197+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:26.465461+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:28.630328+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:30.561112+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:30.787137+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:31.140009+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:32.008737+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:32.675746+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:32.797413+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:32.926895+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:33.221170+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:34.398495+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:34.518679+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:35.114697+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:35.114873+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:35.115412+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:35.115448+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:35.116031+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:35.116098+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:35.352076+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:35.477115+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:36.405813+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:37.081732+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:37.201927+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:37.321531+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:37.781318+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:38.538460+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:38.564095+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:38.670129+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:38.739841+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:38.961517+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:40.527937+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:40.905110+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:40.911595+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:45.968527+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:46.211962+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:47.142731+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:47.503747+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:47.767259+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:48.268252+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:48.387986+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:48.557358+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:49.780928+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:49.836475+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:49.900389+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:52.573253+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:54.057145+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:54.292163+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:54.414000+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:54.539324+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:55.237705+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:55.789742+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:55.789756+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:56.971582+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:57.400618+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:57.915504+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:58.035116+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:58.486137+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:59.701277+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:48:00.441001+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:48:01.063951+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:48:01.499953+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:48:02.294998+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:48:03.139103+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:48:04.126843+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:48:06.485959+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:48:07.406036+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:48:07.913123+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:48:09.218286+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:48:11.056968+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:48:11.908804+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:48:12.590826+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:48:13.723544+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:48:13.843344+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:48:16.130109+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:48:22.709768+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:48:25.579440+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-10-15T17:45:25.554637+0200 | 2852874 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:45:55.596783+0200 | 2852874 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:46:25.546587+0200 | 2852874 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:46:55.568571+0200 | 2852874 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:46:56.004986+0200 | 2852874 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:25.570197+0200 | 2852874 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:55.789742+0200 | 2852874 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:55.789756+0200 | 2852874 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:48:25.579440+0200 | 2852874 | 1 | Malware Command and Control Activity Detected | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-10-15T17:46:52.889612+0200 | 2853193 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 58092 | 12.221.146.138 | 9402 | TCP |
Click to jump to signature section
Show All Signature Results
AV Detection | |
|---|
| Source: | Malware Configuration Extractor: | ||
| Source: | Integrated Neural Analysis Model: | ||
| Source: | Static PE information: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Static PE information: | ||
| Source: | Code function: | 0_2_004062F0 | |
| Source: | Code function: | 0_2_004057B5 | |
| Source: | Code function: | 0_2_00402765 | |
| Source: | Code function: | 3_2_00402765 | |
| Source: | Code function: | 3_2_004062F0 | |
| Source: | Code function: | 3_2_004057B5 | |
Networking | |
|---|
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | URLs: | ||
| Source: | DNS query: | ||
| Source: | TCP traffic: | ||
| Source: | IP Address: | ||
| Source: | ASN Name: | ||
| Source: | JA3 fingerprint: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Code function: | 0_2_00405252 | |
| Source: | Process Stats: | ||
| Source: | Code function: | 0_2_00403248 | |
| Source: | Code function: | 3_2_00403289 | |
| Source: | File created: | Jump to behavior | ||
| Source: | Code function: | 0_2_70021A98 | |
| Source: | Code function: | 3_2_0015DC48 | |
| Source: | Code function: | 3_2_00150ECD | |
| Source: | Code function: | 3_2_0015F36C | |
| Source: | Code function: | 3_2_366EB4B0 | |
| Source: | Code function: | 3_2_366EF29F | |
| Source: | Code function: | 3_2_366E2C20 | |
| Source: | Code function: | 3_2_366EBD80 | |
| Source: | Code function: | 3_2_366E7BB8 | |
| Source: | Code function: | 3_2_366EB168 | |
| Source: | Code function: | 3_2_366E0EC0 | |
| Source: | Code function: | 3_2_366E0EBB | |
| Source: | Code function: | 3_2_366E2C1B | |
| Source: | Code function: | 3_2_366E3B4F | |
| Source: | Code function: | 3_2_366E8908 | |
| Source: | Code function: | 3_2_366E89E7 | |
| Source: | Dropped File: | ||
| Source: | Code function: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Static PE information: | ||
| Source: | Classification label: | ||
| Source: | Code function: | 0_2_00403248 | |
| Source: | Code function: | 3_2_00403289 | |
| Source: | Code function: | 0_2_0040450D | |
| Source: | Code function: | 0_2_00402138 | |
| Source: | Mutant created: | ||
| Source: | Mutant created: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Static file information: | ||
| Source: | Static PE information: | ||
Data Obfuscation | |
|---|
| Source: | File source: | ||
| Source: | Code function: | 0_2_70021A98 | |
| Source: | Code function: | 0_2_70022F8E | |
Persistence and Installation Behavior | |
|---|
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | Registry value created or modified: | Jump to behavior | ||
| Source: | Registry value created or modified: | Jump to behavior | ||
| Source: | Registry value created or modified: | Jump to behavior | ||
| Source: | Registry value created or modified: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion | |
|---|
| Source: | API/Special instruction interceptor: | ||
| Source: | API/Special instruction interceptor: | ||
| Source: | RDTSC instruction interceptor: | ||
| Source: | RDTSC instruction interceptor: | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | API coverage: | ||
| Source: | Thread sleep count: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep count: | Jump to behavior | ||
| Source: | Thread sleep count: | Jump to behavior | ||
| Source: | File Volume queried: | Jump to behavior | ||
| Source: | File Volume queried: | Jump to behavior | ||
| Source: | Code function: | 0_2_004062F0 | |
| Source: | Code function: | 0_2_004057B5 | |
| Source: | Code function: | 0_2_00402765 | |
| Source: | Code function: | 3_2_00402765 | |
| Source: | Code function: | 3_2_004062F0 | |
| Source: | Code function: | 3_2_004057B5 | |
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | API call chain: | graph_0-4340 | ||
| Source: | API call chain: | graph_0-4165 | ||
| Source: | Code function: | 0_2_00403248 | |
| Source: | Code function: | 0_2_70021A98 | |
| Source: | Process token adjusted: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Code function: | 0_2_00403248 | |
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | WMI Queries: | ||
Stealing of Sensitive Information | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
Remote Access Functionality | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Access Token Manipulation | 11 Masquerading | OS Credential Dumping | 221 Security Software Discovery | Remote Services | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
| Credentials | Domains | Default Accounts | 1 Native API | 1 DLL Side-Loading | 11 Process Injection | 1 Disable or Modify Tools | LSASS Memory | 31 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Clipboard Data | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Registry Run Keys / Startup Folder | 31 Virtualization/Sandbox Evasion | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 DLL Side-Loading | 1 Access Token Manipulation | NTDS | 2 File and Directory Discovery | Distributed Component Object Model | Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 11 Process Injection | LSA Secrets | 215 System Information Discovery | SSH | Keylogging | 23 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Deobfuscate/Decode Files or Information | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 8% | ReversingLabs |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 8% | ReversingLabs | |||
| 0% | ReversingLabs |
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| apslline.com | 103.53.40.62 | true | false | unknown | |
| xwor3july.duckdns.org | 12.221.146.138 | true | true | unknown |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| false | unknown | ||
| true | unknown |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false |
| unknown | ||
| false |
| unknown | ||
| false | unknown | |||
| false |
| unknown | ||
| false | unknown | |||
| false | unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 103.53.40.62 | apslline.com | India | 394695 | PUBLIC-DOMAIN-REGISTRYUS | false | |
| 12.221.146.138 | xwor3july.duckdns.org | United States | 7018 | ATT-INTERNET4US | true |
| Joe Sandbox version: | 41.0.0 Charoite |
| Analysis ID: | 1534200 |
| Start date and time: | 2024-10-15 17:42:57 +02:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 9m 12s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 8 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | sgJV11UlDP.exerenamed because original name is a hash value |
| Original Sample Name: | f3a3332b13baa50c41644b86efdf0fe4.exe |
| Detection: | MAL |
| Classification: | mal100.troj.evad.winEXE@3/26@12/2 |
| EGA Information: |
|
| HCA Information: |
|
| Cookbook Comments: |
|
- Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- VT rate limit hit for: sgJV11UlDP.exe
| Time | Type | Description |
|---|---|---|
| 11:44:42 | Autostart | |
| 11:44:50 | Autostart | |
| 11:44:52 | API Interceptor |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 103.53.40.62 | Get hash | malicious | GuLoader, XWorm | Browse | ||
| Get hash | malicious | HTMLPhisher | Browse | |||
| 12.221.146.138 | Get hash | malicious | GuLoader, XWorm | Browse | ||
| Get hash | malicious | PureLog Stealer | Browse | |||
| Get hash | malicious | PureLog Stealer, XWorm | Browse | |||
| Get hash | malicious | PureLog Stealer, XWorm | Browse | |||
| Get hash | malicious | PureLog Stealer, XWorm | Browse | |||
| Get hash | malicious | XWorm | Browse | |||
| Get hash | malicious | PureLog Stealer | Browse | |||
| Get hash | malicious | PureLog Stealer, zgRAT | Browse | |||
| Get hash | malicious | GuLoader | Browse | |||
| Get hash | malicious | Remcos, GuLoader | Browse |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| xwor3july.duckdns.org | Get hash | malicious | GuLoader, XWorm | Browse |
| |
| apslline.com | Get hash | malicious | GuLoader, XWorm | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| ATT-INTERNET4US | Get hash | malicious | Metasploit | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | GuLoader, XWorm | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Mirai, Moobot | Browse |
| ||
| Get hash | malicious | Mirai, Gafgyt | Browse |
| ||
| Get hash | malicious | Mirai, Gafgyt | Browse |
| ||
| Get hash | malicious | Gafgyt, Mirai | Browse |
| ||
| Get hash | malicious | Mirai, Gafgyt | Browse |
| ||
| PUBLIC-DOMAIN-REGISTRYUS | Get hash | malicious | GuLoader, XWorm | Browse |
| |
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | Phisher | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 37f463bf4616ecd445d4a1937da06e19 | Get hash | malicious | GuLoader, XWorm | Browse |
| |
| Get hash | malicious | GuLoader | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader | Browse |
| ||
| Get hash | malicious | Remcos, GuLoader | Browse |
| ||
| Get hash | malicious | AsyncRAT, XWorm | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| C:\Users\user\AppData\Local\Temp\nsi1D9A.tmp\System.dll | Get hash | malicious | GuLoader, XWorm | Browse | ||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | FormBook, GuLoader | Browse | |||
| Get hash | malicious | GuLoader | Browse | |||
| Get hash | malicious | GuLoader | Browse | |||
| Get hash | malicious | FormBook, GuLoader | Browse | |||
| Get hash | malicious | GuLoader | Browse | |||
| Get hash | malicious | GuLoader | Browse | |||
| C:\Users\user\AppData\Local\Temp\Unsurveyable197\Busaos.pif | Get hash | malicious | GuLoader, XWorm | Browse |
| Process: | C:\Users\user\Desktop\sgJV11UlDP.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 5329718 |
| Entropy (8bit): | 7.979774478767476 |
| Encrypted: | false |
| SSDEEP: | 98304:EH//4Q0gBDcLaUgZLGTVCfjemnYMjgfRQ14dewsjdis7xGC4tIf/Yapu5koUe:0BD4aUgZLhj3gZj67xHRnFpu5kPe |
| MD5: | F3A3332B13BAA50C41644B86EFDF0FE4 |
| SHA1: | F3B91AA55B8DCE62CB614E2A43D8E3973B1D47B6 |
| SHA-256: | 7FD5435121F2CB4320B1BC49400152EC3FECCE7F5CE0ACCE56F32C327126C970 |
| SHA-512: | 46808E4D79D0D1FBE2835456DAF31E0DE9E8F296B7863F38400EAA03FBF33BE450F92DF16F9B77AC5BB95AA33A97D484C1C678891C6E13B151F9CB7865C99BE7 |
| Malicious: | true |
| Antivirus: |
|
| Joe Sandbox View: |
|
| Reputation: | low |
| Preview: |
| Process: | C:\Users\user\Desktop\sgJV11UlDP.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 60 |
| Entropy (8bit): | 4.483822629187616 |
| Encrypted: | false |
| SSDEEP: | 3:sEMBQEJkJVEj9id7EVUxQoXUn:uVmxvUn |
| MD5: | 57FCC15EFB7333330E4CE43A197A823F |
| SHA1: | 66BD1A4B000CF26B6E568CACDDA0E9F88C28F899 |
| SHA-256: | 30A71BBB38285BAEA3079D8868EE88C97C988727E3A139528FC153291328E394 |
| SHA-512: | C1B9FDA9BA474F6FF65A37656C8CDDF072556A2EEF653DD043FE1E3AE89E1AE8311AA0433BBB5C989912EDBB21C85ED70F6866AB6957C83B88A085CCC4AE0316 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Users\user\Desktop\sgJV11UlDP.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 11776 |
| Entropy (8bit): | 5.854901984552606 |
| Encrypted: | false |
| SSDEEP: | 192:qPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4U:F7VpNo8gmOyRsVc4 |
| MD5: | 0063D48AFE5A0CDC02833145667B6641 |
| SHA1: | E7EB614805D183ECB1127C62DECB1A6BE1B4F7A8 |
| SHA-256: | AC9DFE3B35EA4B8932536ED7406C29A432976B685CC5322F94EF93DF920FEDE7 |
| SHA-512: | 71CBBCAEB345E09306E368717EA0503FE8DF485BE2E95200FEBC61BCD8BA74FB4211CD263C232F148C0123F6C6F2E3FD4EA20BDECC4070F5208C35C6920240F0 |
| Malicious: | false |
| Antivirus: |
|
| Joe Sandbox View: |
|
| Reputation: | moderate, very likely benign file |
| Preview: |
| Process: | C:\Users\user\Desktop\sgJV11UlDP.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 56 |
| Entropy (8bit): | 4.286618146008852 |
| Encrypted: | false |
| SSDEEP: | 3:sAAEVvjsvdxE584n:fL9P |
| MD5: | 2B322A53D90A2271FFF01BF0834A5FD9 |
| SHA1: | DA3FB0F558C75C2FE3D0BD7C9C19705B72B57D3D |
| SHA-256: | C30C98B13BB40861BA5B1CD08CC1018D11C0E9B0C95716A8A0D7B8E0B863CEB9 |
| SHA-512: | F0B775FEF5150A7824FE25320F0FB1C383BAFC1AF7AC79E2E3CC7E791D4F296C44755A5A56BD4DFEEF8D0C9F913B5F9CF5B4AD8487FDC1163DF82050EE64521B |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Users\user\Desktop\sgJV11UlDP.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 74 |
| Entropy (8bit): | 3.9637832956585757 |
| Encrypted: | false |
| SSDEEP: | 3:sRQE1wFEt/ijNJyI3dj2+n:aQEGiwh3D |
| MD5: | 16D513397F3C1F8334E8F3E4FC49828F |
| SHA1: | 4EE15AFCA81CA6A13AF4E38240099B730D6931F0 |
| SHA-256: | D3C781A1855C8A70F5ACA88D9E2C92AFFFA80541334731F62CAA9494AA8A0C36 |
| SHA-512: | 4A350B790FDD2FE957E9AB48D5969B217AB19FC7F93F3774F1121A5F140FF9A9EAAA8FA30E06A9EF40AD776E698C2E65A05323C3ADF84271DA1716E75F5183C3 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\sgJV11UlDP.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 30 |
| Entropy (8bit): | 4.256564762130954 |
| Encrypted: | false |
| SSDEEP: | 3:DyWgLQIfLBJXmgU:mkIP25 |
| MD5: | F15BFDEBB2DF02D02C8491BDE1B4E9BD |
| SHA1: | 93BD46F57C3316C27CAD2605DDF81D6C0BDE9301 |
| SHA-256: | C87F2FF45BB530577FB8856DF1760EDAF1060AE4EE2934B17FDD21B7D116F043 |
| SHA-512: | 1757ED4AE4D47D0C839511C18BE5D75796224D4A3049E2D8853650ACE2C5057C42040DE6450BF90DD4969862E9EBB420CD8A34F8DD9C970779ED2E5459E8F2F1 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\sgJV11UlDP.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 52 |
| Entropy (8bit): | 4.0914493934217315 |
| Encrypted: | false |
| SSDEEP: | 3:sBa99k1NoCFOn:KankVg |
| MD5: | 5D04A35D3950677049C7A0CF17E37125 |
| SHA1: | CAFDD49A953864F83D387774B39B2657A253470F |
| SHA-256: | A9493973DD293917F3EBB932AB255F8CAC40121707548DE100D5969956BB1266 |
| SHA-512: | C7B1AFD95299C0712BDBC67F9D2714926D6EC9F71909AF615AFFC400D8D2216AB76F6AC35057088836435DE36E919507E1B25BE87B07C911083F964EB67E003B |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\sgJV11UlDP.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 44084 |
| Entropy (8bit): | 1.251987965137089 |
| Encrypted: | false |
| SSDEEP: | 384:H5J4r26NPfk3R0omoj53ZOmVFPACwEygLw6:b4igfY3wEy9 |
| MD5: | 8E1ECD1CAD1A69BA46F3589D3EE05FCD |
| SHA1: | 511FE3218234DFD061C85834E32694D500A2D8CA |
| SHA-256: | 027B544D8E1F0A9CC480B455943CDB8B7F2E1E6FE64FA4E84C5FB22F58E75534 |
| SHA-512: | D4E8D21B29799A2FD6AA6B254B0E5F1E212F2CEFF6244D3AE1641F460A88FD39EC32AB04E3787BE6C313ABC85B76A2ECC90FA697C58B9899AEE59B16452D98F7 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\sgJV11UlDP.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 495473 |
| Entropy (8bit): | 1.252683728528738 |
| Encrypted: | false |
| SSDEEP: | 1536:29Atz1Dww/YItq3ys1yNe3uRHiOnU2E74SEH:29AtzV/2yFauRHcoH |
| MD5: | EF47BA5BA9823E8C3469035CF70773D2 |
| SHA1: | 21D1961813BA8BABF395C3AFE324487EE355578F |
| SHA-256: | 895776946CC4E8956593C9B8CBA36B3D0523F921C419F2A68C58C82FC5BA8C8B |
| SHA-512: | E78EA0CA2E615EF745FDE2A8D1FE07F7216E253057805091E0E91A4E7CD780BA8C5E33F2DFA6283104D7A2EED606DEAAE1E82345135CBA914ECAB32B9C5CCF27 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\sgJV11UlDP.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8601 |
| Entropy (8bit): | 1.1545164397538636 |
| Encrypted: | false |
| SSDEEP: | 48:zEuB7ok0LmcrzKI9XjvjvGWt/nSz4DP6FIB/IoZt/V:4uBsk0ac1jvqcD6QhV |
| MD5: | F4A704DD6599AA965F753CF4AFF41544 |
| SHA1: | 27F6166A11011BF9340B9477D469A5E39B67CF5B |
| SHA-256: | 689F1C7B21D424488E2F82F5E1CF663D41BE2B8402853953B723F457D91F5C2F |
| SHA-512: | F2EC79C777CA0349BA727C2292026C83C3CCB0F84C807431A859DB7196248C95E17DFE13EA081F3020BF12F14001D58824F6EE0AEE770DED6BEB7D94E082C082 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\sgJV11UlDP.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 225561 |
| Entropy (8bit): | 1.2509602063831964 |
| Encrypted: | false |
| SSDEEP: | 768:vodpoBR9G/El4UjO+zHLgOWJmrzfhDM2QY2RSbSL8nMzcUqbFuPYVTmTy2MekyEc:W2pzkDkzfhAtNbKANtv4U |
| MD5: | 6865DE99FA19A6862DF5C404DE274F27 |
| SHA1: | 4EFBD7E416C513C7B2516052EFD42DB502306C35 |
| SHA-256: | 3921ED66814A1199A488E44FDD72C224D4AD9505F3EA9D111E046704B37483B3 |
| SHA-512: | F46BDCB2A29BA7ECD780C181230E573D3D0D7C55BFC06CAD641FA764F90068AFB6A3F7FC14AF1BA725A168EF212CBA93F6530FE7C0D0EE0C78B5A5B729F41B3D |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\sgJV11UlDP.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 155008 |
| Entropy (8bit): | 4.592026808124209 |
| Encrypted: | false |
| SSDEEP: | 1536:GvWaiD1khghhBlYPnsfL3qy0IPazqk8R4JIZoyvUv8fUc/SzqJH3G69/BKhoS64z:GcD1kEVqy0IPaQ7ZhjNaIH37/f8 |
| MD5: | 8F6AC9BACA244A9FE17E755F881C8FC5 |
| SHA1: | 8C1B08CE1996A597904283F8BE8FE677ABB592D9 |
| SHA-256: | 200AD6E107078B2C0ED3B29AA5CE0F7E4AE26E80A8AA25AEA2BB487B2F20AE66 |
| SHA-512: | 78B5924ECC3CB0648B5511638AF98EB1E00D8A150CA84F574CAC9DE04F7BD50D95E2A33C981F1F0467EB898D6D9C34978264B178F57B016A106CEC8F82643922 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\sgJV11UlDP.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 56731 |
| Entropy (8bit): | 1.2442160585209034 |
| Encrypted: | false |
| SSDEEP: | 384:6tYghFWWJicOfl9hdYo9Gvdjh1rjjKlsru8a/3FPzYnaIgapZvHcFe/0C2vqW8IP:NyJicyhlodh1jKlP/3FcRseqD |
| MD5: | BCA0C962216D9B512E1FEE1F72EBA35B |
| SHA1: | FF228246A15FA291474DF13F96C51A6BBE03FDBE |
| SHA-256: | 9207608EB008266B5F27EFAF786A1B6D2C4B611F484F62B5FF31D764C0225923 |
| SHA-512: | 848BEBCE00D0968884AC1A54BC220DA34FADAA072F403434741DFC3F9843EB3848864184F1F38DAEB013CE0BFEE1BDC09679E80F2EAB9C8CC67ABA3816E0548A |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\sgJV11UlDP.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 495473 |
| Entropy (8bit): | 1.252683728528738 |
| Encrypted: | false |
| SSDEEP: | 1536:29Atz1Dww/YItq3ys1yNe3uRHiOnU2E74SEH:29AtzV/2yFauRHcoH |
| MD5: | EF47BA5BA9823E8C3469035CF70773D2 |
| SHA1: | 21D1961813BA8BABF395C3AFE324487EE355578F |
| SHA-256: | 895776946CC4E8956593C9B8CBA36B3D0523F921C419F2A68C58C82FC5BA8C8B |
| SHA-512: | E78EA0CA2E615EF745FDE2A8D1FE07F7216E253057805091E0E91A4E7CD780BA8C5E33F2DFA6283104D7A2EED606DEAAE1E82345135CBA914ECAB32B9C5CCF27 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\sgJV11UlDP.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4194304 |
| Entropy (8bit): | 7.999957575310736 |
| Encrypted: | true |
| SSDEEP: | 98304:SDcLaUgZLGTVCfjemnYMjgfRQ14dewsjdis7xGC4tIl:SD4aUgZLhj3gZj67xHRl |
| MD5: | 498A8D2FF2582C3230061DB8C034E542 |
| SHA1: | FD90A6C047C4545728E60FEA23DDA445618AB56F |
| SHA-256: | 4FD8B4E320029B4934A877CD932ABACF6A86AABB78DDDB264E7F752C8949A9AB |
| SHA-512: | EF9CBD701C76595A6F9B2C04C79C2430227CA6D23B6A6716892CC28C8A8B2FD40A98AF9A46AF0EF824F886D9916D8046221710F7F6AC8F35B2F8A4DD24A86B56 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\sgJV11UlDP.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8601 |
| Entropy (8bit): | 1.1545164397538636 |
| Encrypted: | false |
| SSDEEP: | 48:zEuB7ok0LmcrzKI9XjvjvGWt/nSz4DP6FIB/IoZt/V:4uBsk0ac1jvqcD6QhV |
| MD5: | F4A704DD6599AA965F753CF4AFF41544 |
| SHA1: | 27F6166A11011BF9340B9477D469A5E39B67CF5B |
| SHA-256: | 689F1C7B21D424488E2F82F5E1CF663D41BE2B8402853953B723F457D91F5C2F |
| SHA-512: | F2EC79C777CA0349BA727C2292026C83C3CCB0F84C807431A859DB7196248C95E17DFE13EA081F3020BF12F14001D58824F6EE0AEE770DED6BEB7D94E082C082 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\sgJV11UlDP.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 401789 |
| Entropy (8bit): | 7.065739037088379 |
| Encrypted: | false |
| SSDEEP: | 6144:VKZHDLgRwDXlRryEnqgwg7MfFR0bs0A5SmatP+jiCn41/OfGmlYc:Vkx1hyE6gyQbLARxjiC4KGy |
| MD5: | DE8A813CE4FD2B0CC978241AB06A18EC |
| SHA1: | FF3712B5D4D5AD5C5229AF56800710DE26CA2D1E |
| SHA-256: | 8DFA258211EEB70EB2DAFE04758756BFBCBECE83013EB853CECA71B22928E91D |
| SHA-512: | 8F06E206F7F58AA9BDC36425589C2AFAFDF42986E1AD1102E5B38A1717CC2E354A1A8564A9A7FCB2DD74E22E214000AF2184C04C2758DA37EAF89C9567BF63AE |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\sgJV11UlDP.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 225561 |
| Entropy (8bit): | 1.2509602063831964 |
| Encrypted: | false |
| SSDEEP: | 768:vodpoBR9G/El4UjO+zHLgOWJmrzfhDM2QY2RSbSL8nMzcUqbFuPYVTmTy2MekyEc:W2pzkDkzfhAtNbKANtv4U |
| MD5: | 6865DE99FA19A6862DF5C404DE274F27 |
| SHA1: | 4EFBD7E416C513C7B2516052EFD42DB502306C35 |
| SHA-256: | 3921ED66814A1199A488E44FDD72C224D4AD9505F3EA9D111E046704B37483B3 |
| SHA-512: | F46BDCB2A29BA7ECD780C181230E573D3D0D7C55BFC06CAD641FA764F90068AFB6A3F7FC14AF1BA725A168EF212CBA93F6530FE7C0D0EE0C78B5A5B729F41B3D |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\sgJV11UlDP.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 155008 |
| Entropy (8bit): | 4.592026808124209 |
| Encrypted: | false |
| SSDEEP: | 1536:GvWaiD1khghhBlYPnsfL3qy0IPazqk8R4JIZoyvUv8fUc/SzqJH3G69/BKhoS64z:GcD1kEVqy0IPaQ7ZhjNaIH37/f8 |
| MD5: | 8F6AC9BACA244A9FE17E755F881C8FC5 |
| SHA1: | 8C1B08CE1996A597904283F8BE8FE677ABB592D9 |
| SHA-256: | 200AD6E107078B2C0ED3B29AA5CE0F7E4AE26E80A8AA25AEA2BB487B2F20AE66 |
| SHA-512: | 78B5924ECC3CB0648B5511638AF98EB1E00D8A150CA84F574CAC9DE04F7BD50D95E2A33C981F1F0467EB898D6D9C34978264B178F57B016A106CEC8F82643922 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\sgJV11UlDP.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 56731 |
| Entropy (8bit): | 1.2442160585209034 |
| Encrypted: | false |
| SSDEEP: | 384:6tYghFWWJicOfl9hdYo9Gvdjh1rjjKlsru8a/3FPzYnaIgapZvHcFe/0C2vqW8IP:NyJicyhlodh1jKlP/3FcRseqD |
| MD5: | BCA0C962216D9B512E1FEE1F72EBA35B |
| SHA1: | FF228246A15FA291474DF13F96C51A6BBE03FDBE |
| SHA-256: | 9207608EB008266B5F27EFAF786A1B6D2C4B611F484F62B5FF31D764C0225923 |
| SHA-512: | 848BEBCE00D0968884AC1A54BC220DA34FADAA072F403434741DFC3F9843EB3848864184F1F38DAEB013CE0BFEE1BDC09679E80F2EAB9C8CC67ABA3816E0548A |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\sgJV11UlDP.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 44084 |
| Entropy (8bit): | 1.251987965137089 |
| Encrypted: | false |
| SSDEEP: | 384:H5J4r26NPfk3R0omoj53ZOmVFPACwEygLw6:b4igfY3wEy9 |
| MD5: | 8E1ECD1CAD1A69BA46F3589D3EE05FCD |
| SHA1: | 511FE3218234DFD061C85834E32694D500A2D8CA |
| SHA-256: | 027B544D8E1F0A9CC480B455943CDB8B7F2E1E6FE64FA4E84C5FB22F58E75534 |
| SHA-512: | D4E8D21B29799A2FD6AA6B254B0E5F1E212F2CEFF6244D3AE1641F460A88FD39EC32AB04E3787BE6C313ABC85B76A2ECC90FA697C58B9899AEE59B16452D98F7 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\sgJV11UlDP.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 669932 |
| Entropy (8bit): | 5.5314845590929895 |
| Encrypted: | false |
| SSDEEP: | 6144:gKk30jClLCugYQs0Om0TmZi6ZYMdCZcZtaW22ibSd4MoX1DXI5nR9mx2KdQJf6mC:ghdCugMm0TWNIJpbIu945c2iAWeO |
| MD5: | 43AB379A4F5EB535BEEFA8769D0F145C |
| SHA1: | B5BEDA93EDAB6D45FC87C74406F28575AE3BA633 |
| SHA-256: | E35EFD069097EFCED37EB9A320F9D1519558C61B3C6B606E659A28B0432ADF35 |
| SHA-512: | 27B864E0C981CBC385505AB031A5BF245F8DA6588A7762447305A72E8513F904A4509EB104E6A75EB279D364EF853B936405E3B12C6F63082CB2F33D674826A0 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\sgJV11UlDP.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 7164 |
| Entropy (8bit): | 5.424736170205588 |
| Encrypted: | false |
| SSDEEP: | 192:tVcb8h0g8jt9vETUdc0OcVgW6Bw2uYcJIt:t7unsYKFcVgDzcJw |
| MD5: | 118AE093FAA03BDC13A832B55CEFB2DE |
| SHA1: | 022999FA13CBA8ABCF66C5E866C941547E7AEB33 |
| SHA-256: | 4D2145F9211995A99F9828752EF15F9789ADA25B8CEB1EF135CFE9D2ABD5479F |
| SHA-512: | 07D35E1E7319DC0271D4CD467A3597A36ED27A00CB115381A01DDDE7C316D311B70345DB04BC84E4D660732A4616967AE407812252CFC9E053BC82BD5A406032 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\sgJV11UlDP.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 213163 |
| Entropy (8bit): | 1.2509035420987697 |
| Encrypted: | false |
| SSDEEP: | 768:E6Ak6TqKI8qNenRhDkU13nK/Owzmzj63GMIrCDVOAqiVyycSsOR2D+uFFO8ukH1m:a/TnkUFupj/vM9PV |
| MD5: | 98B0761197297AB236BC284E2B596C55 |
| SHA1: | D84B6FCBC7822AC3617AF2E06807F24B6CB09501 |
| SHA-256: | 1B09158404A448B8B8DA21415D6D3FF844658BF441B5A5FB4C651B2B1F5F5809 |
| SHA-512: | 6AB83D66E4E5874688F7A64C133EF3514CE355936CD66895EFE8249E316E2C87195B82FF4E7780180BA3B58C097196AA58736BA6A9365CC36943C6AC8D78A71D |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\sgJV11UlDP.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 380 |
| Entropy (8bit): | 4.150391372844806 |
| Encrypted: | false |
| SSDEEP: | 6:jKYlGRpzKVqXB++DC6XBRuN6kgrRmXLY8bOraYKFSX6WlWfHcSTQX97Mm2CXmVyg:mYsDmVqXBpC6XnDk+wXcj5KFSk+X97xE |
| MD5: | DCEB38A26FFEAB28D24D304205DD1CFD |
| SHA1: | 7C3CD56A0E4A2A768D14EA41D88D163C8A3E66DD |
| SHA-256: | 68F09ACCAE0DF5988DF3AACFFF32C8025F07A266367AD77E1614814B2A05C98F |
| SHA-512: | 27469F330E5F57D253084536619CAED2F220CC1AAB74B476C175FAA24467301BA0DD1CC52E9F2F15B5052F0CFC397A4C95B7147C7BD6369ECACD7319FF2BCAE5 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\sgJV11UlDP.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 401789 |
| Entropy (8bit): | 7.065739037088379 |
| Encrypted: | false |
| SSDEEP: | 6144:VKZHDLgRwDXlRryEnqgwg7MfFR0bs0A5SmatP+jiCn41/OfGmlYc:Vkx1hyE6gyQbLARxjiC4KGy |
| MD5: | DE8A813CE4FD2B0CC978241AB06A18EC |
| SHA1: | FF3712B5D4D5AD5C5229AF56800710DE26CA2D1E |
| SHA-256: | 8DFA258211EEB70EB2DAFE04758756BFBCBECE83013EB853CECA71B22928E91D |
| SHA-512: | 8F06E206F7F58AA9BDC36425589C2AFAFDF42986E1AD1102E5B38A1717CC2E354A1A8564A9A7FCB2DD74E22E214000AF2184C04C2758DA37EAF89C9567BF63AE |
| Malicious: | false |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.979774478767476 |
| TrID: |
|
| File name: | sgJV11UlDP.exe |
| File size: | 5'329'718 bytes |
| MD5: | f3a3332b13baa50c41644b86efdf0fe4 |
| SHA1: | f3b91aa55b8dce62cb614e2a43d8e3973b1d47b6 |
| SHA256: | 7fd5435121f2cb4320b1bc49400152ec3fecce7f5ce0acce56f32c327126c970 |
| SHA512: | 46808e4d79d0d1fbe2835456daf31e0de9e8f296b7863f38400eaa03fbf33be450f92df16f9b77ac5bb95aa33a97d484c1c678891c6e13b151f9cb7865c99be7 |
| SSDEEP: | 98304:EH//4Q0gBDcLaUgZLGTVCfjemnYMjgfRQ14dewsjdis7xGC4tIf/Yapu5koUe:0BD4aUgZLhj3gZj67xHRnFpu5kPe |
| TLSH: | 8A3633A37D14E06CD59513B812139D5BD77E9FA21C252B672290BB0ABE73389BF23D01 |
| File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........@............/...........r.../...............+.......Rich............PE..L......].................b....9.....H2............@ |
 | |
| Icon Hash: | 1e175ed66c3c9347 |
| Entrypoint: | 0x403248 |
| Entrypoint Section: | .text |
| Digitally signed: | false |
| Imagebase: | 0x400000 |
| Subsystem: | windows gui |
| Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
| DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
| Time Stamp: | 0x5DF6D4D5 [Mon Dec 16 00:50:29 2019 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 4 |
| OS Version Minor: | 0 |
| File Version Major: | 4 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 4 |
| Subsystem Version Minor: | 0 |
| Import Hash: | e9c0657252137ac61c1eeeba4c021000 |
| Instruction |
|---|
| sub esp, 00000184h |
| push ebx |
| push esi |
| push edi |
| xor ebx, ebx |
| push 00008001h |
| mov dword ptr [esp+18h], ebx |
| mov dword ptr [esp+10h], 0040A198h |
| mov dword ptr [esp+20h], ebx |
| mov byte ptr [esp+14h], 00000020h |
| call dword ptr [004080A0h] |
| call dword ptr [0040809Ch] |
| and eax, BFFFFFFFh |
| cmp ax, 00000006h |
| mov dword ptr [007A2F4Ch], eax |
| je 00007F2EE8E4A453h |
| push ebx |
| call 00007F2EE8E4D53Bh |
| cmp eax, ebx |
| je 00007F2EE8E4A449h |
| push 00000C00h |
| call eax |
| mov esi, 00408298h |
| push esi |
| call 00007F2EE8E4D4B7h |
| push esi |
| call dword ptr [00408098h] |
| lea esi, dword ptr [esi+eax+01h] |
| cmp byte ptr [esi], bl |
| jne 00007F2EE8E4A42Dh |
| push 0000000Ah |
| call 00007F2EE8E4D50Fh |
| push 00000008h |
| call 00007F2EE8E4D508h |
| push 00000006h |
| mov dword ptr [007A2F44h], eax |
| call 00007F2EE8E4D4FCh |
| cmp eax, ebx |
| je 00007F2EE8E4A451h |
| push 0000001Eh |
| call eax |
| test eax, eax |
| je 00007F2EE8E4A449h |
| or byte ptr [007A2F4Fh], 00000040h |
| push ebp |
| call dword ptr [00408040h] |
| push ebx |
| call dword ptr [00408284h] |
| mov dword ptr [007A3018h], eax |
| push ebx |
| lea eax, dword ptr [esp+38h] |
| push 00000160h |
| push eax |
| push ebx |
| push 0079E508h |
| call dword ptr [00408178h] |
| push 0040A188h |
| Programming Language: |
|
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8430 | 0xa0 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x3b6000 | 0x3ad78 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x294 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x60d8 | 0x6200 | e59663060e65803bb6474d2af98f8aa9 | False | 0.6750637755102041 | data | 6.467400856752681 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x8000 | 0x123e | 0x1400 | 7969015d02b2f673463f43156b28cdb4 | False | 0.428515625 | data | 5.032652926909017 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0xa000 | 0x399058 | 0x400 | 2d383339e780dfc9691f30584bbd0766 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .ndata | 0x3a4000 | 0x12000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x3b6000 | 0x3ad78 | 0x3ae00 | a32d901976697d7bbce42d8596684b1d | False | 0.6666625199044586 | data | 6.294242973261698 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0x3b6388 | 0x128ae | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9988545095457538 |
| RT_ICON | 0x3c8c38 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | English | United States | 0.4953714657518041 |
| RT_ICON | 0x3d9460 | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 38016 | English | United States | 0.5109049821315955 |
| RT_ICON | 0x3e2908 | 0x5488 | Device independent bitmap graphic, 72 x 144 x 32, image size 21600 | English | United States | 0.5138170055452865 |
| RT_ICON | 0x3e7d90 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | United States | 0.5477680680207841 |
| RT_ICON | 0x3ebfb8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.5617219917012448 |
| RT_ICON | 0x3ee560 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.6238273921200751 |
| RT_ICON | 0x3ef608 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States | 0.6639344262295082 |
| RT_ICON | 0x3eff90 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.7296099290780141 |
| RT_DIALOG | 0x3f03f8 | 0x144 | data | English | United States | 0.5216049382716049 |
| RT_DIALOG | 0x3f0540 | 0x100 | data | English | United States | 0.5234375 |
| RT_DIALOG | 0x3f0640 | 0x11c | data | English | United States | 0.6056338028169014 |
| RT_DIALOG | 0x3f0760 | 0x60 | data | English | United States | 0.7291666666666666 |
| RT_GROUP_ICON | 0x3f07c0 | 0x84 | Targa image data - Map 32 x 10414 x 1 +1 | English | United States | 0.7348484848484849 |
| RT_VERSION | 0x3f0848 | 0x1f0 | MS Windows COFF PowerPC object file | English | United States | 0.4959677419354839 |
| RT_MANIFEST | 0x3f0a38 | 0x33e | XML 1.0 document, ASCII text, with very long lines (830), with no line terminators | English | United States | 0.5542168674698795 |
| DLL | Import |
|---|---|
| KERNEL32.dll | GetTempPathA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetEnvironmentVariableA, Sleep, GetTickCount, GetCommandLineA, lstrlenA, GetVersion, SetErrorMode, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GetWindowsDirectoryA, SetFileAttributesA, GetLastError, CreateDirectoryA, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, ReadFile, WriteFile, lstrcpyA, MoveFileExA, lstrcatA, GetSystemDirectoryA, GetProcAddress, GetExitCodeProcess, WaitForSingleObject, CompareFileTime, SetFileTime, GetFileAttributesA, SetCurrentDirectoryA, MoveFileA, GetFullPathNameA, GetShortPathNameA, SearchPathA, CloseHandle, lstrcmpiA, CreateThread, GlobalLock, lstrcmpA, DeleteFileA, FindFirstFileA, FindNextFileA, FindClose, SetFilePointer, GetPrivateProfileStringA, WritePrivateProfileStringA, MulDiv, MultiByteToWideChar, FreeLibrary, LoadLibraryExA, GetModuleHandleA, GlobalAlloc, GlobalFree, ExpandEnvironmentStringsA |
| USER32.dll | GetSystemMenu, SetClassLongA, EnableMenuItem, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, ScreenToClient, GetWindowRect, GetDlgItem, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, EndDialog, RegisterClassA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, LoadImageA, CreateDialogParamA, SetTimer, SetWindowTextA, SetForegroundWindow, ShowWindow, SetWindowLongA, SendMessageTimeoutA, FindWindowExA, IsWindow, AppendMenuA, TrackPopupMenu, CreatePopupMenu, DrawTextA, EndPaint, DestroyWindow, wsprintfA, PostQuitMessage |
| GDI32.dll | SelectObject, SetTextColor, SetBkMode, CreateFontIndirectA, CreateBrushIndirect, DeleteObject, GetDeviceCaps, SetBkColor |
| SHELL32.dll | SHGetSpecialFolderLocation, ShellExecuteExA, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, SHFileOperationA |
| ADVAPI32.dll | AdjustTokenPrivileges, RegCreateKeyExA, RegOpenKeyExA, SetFileSecurityA, OpenProcessToken, LookupPrivilegeValueA, RegEnumValueA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegSetValueExA, RegQueryValueExA, RegEnumKeyA |
| COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy |
| ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance |
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | United States |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-10-15T17:45:25.554637+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:45:25.554637+0200 | 2852874 | ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:45:32.390407+0200 | 2855924 | ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound | 1 | 192.168.2.8 | 58092 | 12.221.146.138 | 9402 | TCP |
| 2024-10-15T17:45:32.651049+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:45:45.326150+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:45:55.596783+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:45:55.596783+0200 | 2852874 | ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:45:58.027618+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:46:08.136615+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:46:17.332459+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:46:23.501557+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:46:24.501602+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:46:25.546587+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:46:25.546587+0200 | 2852874 | ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:46:28.753111+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:46:33.517713+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:46:41.664779+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:46:42.623753+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:46:43.149064+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:46:43.518716+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:46:45.296248+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:46:45.537363+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:46:46.446363+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:46:48.771067+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:46:49.096956+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:46:49.437617+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:46:51.292180+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:46:51.417152+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:46:51.544193+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:46:52.246429+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:46:52.529898+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:46:52.889612+0200 | 2853193 | ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound | 1 | 192.168.2.8 | 58092 | 12.221.146.138 | 9402 | TCP |
| 2024-10-15T17:46:53.138612+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:46:53.259764+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:46:54.327185+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:46:54.790711+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:46:55.568571+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:46:55.568571+0200 | 2852874 | ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:46:56.004986+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:46:56.004986+0200 | 2852874 | ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:46:57.671109+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:46:58.719544+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:46:58.840031+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:46:59.527377+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:46:59.739535+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:01.244556+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:02.307098+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:02.479914+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:04.145716+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:04.678849+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:04.803326+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:05.312029+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:05.431719+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:05.555104+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:06.084539+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:07.213714+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:08.868926+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:09.127357+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:09.387002+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:09.543030+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:09.851333+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:11.138291+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:11.475118+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:13.364947+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:16.353023+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:16.669405+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:16.964895+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:17.290407+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:17.672075+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:17.954329+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:20.575322+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:20.883903+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:21.216954+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:21.666070+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:22.169730+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:24.192264+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:24.311776+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:24.573479+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:25.270358+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:25.393549+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:25.570197+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:25.570197+0200 | 2852874 | ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:26.465461+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:28.630328+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:30.561112+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:30.787137+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:31.140009+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:32.008737+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:32.675746+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:32.797413+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:32.926895+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:33.221170+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:34.398495+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:34.518679+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:35.114697+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:35.114873+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:35.115412+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:35.115448+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:35.116031+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:35.116098+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:35.352076+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:35.477115+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:36.405813+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:37.081732+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:37.201927+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:37.321531+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:37.781318+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:38.538460+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:38.564095+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:38.670129+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:38.739841+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:38.961517+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:40.527937+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:40.905110+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:40.911595+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:45.968527+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:46.211962+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:47.142731+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:47.503747+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:47.767259+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:48.268252+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:48.387986+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:48.557358+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:49.780928+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:49.836475+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:49.900389+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:52.573253+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:54.057145+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:54.292163+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:54.414000+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:54.539324+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:55.237705+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:55.789742+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:55.789742+0200 | 2852874 | ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:55.789756+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:55.789756+0200 | 2852874 | ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:56.971582+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:57.400618+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:57.915504+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:58.035116+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:58.486137+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:47:59.701277+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:48:00.441001+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:48:01.063951+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:48:01.499953+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:48:02.294998+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:48:03.139103+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:48:04.126843+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:48:06.485959+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:48:07.406036+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:48:07.913123+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:48:09.218286+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:48:11.056968+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:48:11.908804+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:48:12.590826+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:48:13.723544+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:48:13.843344+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:48:16.130109+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:48:22.709768+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:48:25.579440+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| 2024-10-15T17:48:25.579440+0200 | 2852874 | ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 | 1 | 12.221.146.138 | 9402 | 192.168.2.8 | 58092 | TCP |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Oct 15, 2024 17:44:47.427505016 CEST | 58053 | 443 | 192.168.2.8 | 103.53.40.62 |
| Oct 15, 2024 17:44:47.427555084 CEST | 443 | 58053 | 103.53.40.62 | 192.168.2.8 |
| Oct 15, 2024 17:44:47.427668095 CEST | 58053 | 443 | 192.168.2.8 | 103.53.40.62 |
| Oct 15, 2024 17:44:47.438977003 CEST | 58053 | 443 | 192.168.2.8 | 103.53.40.62 |
| Oct 15, 2024 17:44:47.439014912 CEST | 443 | 58053 | 103.53.40.62 | 192.168.2.8 |
| Oct 15, 2024 17:44:48.539537907 CEST | 443 | 58053 | 103.53.40.62 | 192.168.2.8 |
| Oct 15, 2024 17:44:48.539674997 CEST | 58053 | 443 | 192.168.2.8 | 103.53.40.62 |
| Oct 15, 2024 17:44:48.697280884 CEST | 58053 | 443 | 192.168.2.8 | 103.53.40.62 |
| Oct 15, 2024 17:44:48.697314978 CEST | 443 | 58053 | 103.53.40.62 | 192.168.2.8 |
| Oct 15, 2024 17:44:48.697650909 CEST | 443 | 58053 | 103.53.40.62 | 192.168.2.8 |
| Oct 15, 2024 17:44:48.697705984 CEST | 58053 | 443 | 192.168.2.8 | 103.53.40.62 |
| Oct 15, 2024 17:44:48.714042902 CEST | 58053 | 443 | 192.168.2.8 | 103.53.40.62 |
| Oct 15, 2024 17:44:48.759402990 CEST | 443 | 58053 | 103.53.40.62 | 192.168.2.8 |
| Oct 15, 2024 17:44:49.084904909 CEST | 443 | 58053 | 103.53.40.62 | 192.168.2.8 |
| Oct 15, 2024 17:44:49.084927082 CEST | 443 | 58053 | 103.53.40.62 | 192.168.2.8 |
| Oct 15, 2024 17:44:49.085066080 CEST | 58053 | 443 | 192.168.2.8 | 103.53.40.62 |
| Oct 15, 2024 17:44:49.085108042 CEST | 443 | 58053 | 103.53.40.62 | 192.168.2.8 |
| Oct 15, 2024 17:44:49.086815119 CEST | 58053 | 443 | 192.168.2.8 | 103.53.40.62 |
| Oct 15, 2024 17:44:49.209090948 CEST | 443 | 58053 | 103.53.40.62 | 192.168.2.8 |
| Oct 15, 2024 17:44:49.209249973 CEST | 58053 | 443 | 192.168.2.8 | 103.53.40.62 |
| Oct 15, 2024 17:44:49.324630976 CEST | 443 | 58053 | 103.53.40.62 | 192.168.2.8 |
| Oct 15, 2024 17:44:49.324826956 CEST | 58053 | 443 | 192.168.2.8 | 103.53.40.62 |
| Oct 15, 2024 17:44:49.442347050 CEST | 443 | 58053 | 103.53.40.62 | 192.168.2.8 |
| Oct 15, 2024 17:44:49.442409039 CEST | 443 | 58053 | 103.53.40.62 | 192.168.2.8 |
| Oct 15, 2024 17:44:49.442446947 CEST | 58053 | 443 | 192.168.2.8 | 103.53.40.62 |
| Oct 15, 2024 17:44:49.442480087 CEST | 443 | 58053 | 103.53.40.62 | 192.168.2.8 |
| Oct 15, 2024 17:44:49.442490101 CEST | 58053 | 443 | 192.168.2.8 | 103.53.40.62 |
| Oct 15, 2024 17:44:49.442492962 CEST | 443 | 58053 | 103.53.40.62 | 192.168.2.8 |
| Oct 15, 2024 17:44:49.442539930 CEST | 58053 | 443 | 192.168.2.8 | 103.53.40.62 |
| Oct 15, 2024 17:44:49.452986956 CEST | 58053 | 443 | 192.168.2.8 | 103.53.40.62 |
| Oct 15, 2024 17:44:49.453020096 CEST | 443 | 58053 | 103.53.40.62 | 192.168.2.8 |
| Oct 15, 2024 17:45:19.564538956 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:45:19.569438934 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:45:19.569561958 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:45:19.673064947 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:45:19.678186893 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:45:25.554636955 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:45:25.595417023 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:45:32.390407085 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:45:32.395586967 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:45:32.651048899 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:45:32.704742908 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:45:45.080651045 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:45:45.085624933 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:45:45.326149940 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:45:45.376842976 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:45:55.596782923 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:45:55.642076969 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:45:57.783304930 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:45:57.788338900 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:45:58.027617931 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:45:58.079587936 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:46:07.892352104 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:46:07.897643089 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:46:08.136615038 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:46:08.188868046 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:46:16.493330956 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:46:16.498405933 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:46:17.332458973 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:46:17.376318932 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:46:21.954672098 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:46:21.959753990 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:46:23.501557112 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:46:23.548142910 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:46:24.251741886 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:46:24.256769896 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:46:24.501601934 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:46:24.548108101 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:46:25.546586990 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:46:25.595793962 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:46:28.501545906 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:46:28.506485939 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:46:28.753110886 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:46:28.798070908 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:46:33.191693068 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:46:33.278302908 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:46:33.517713070 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:46:33.563661098 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:46:41.379575968 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:46:41.388987064 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:46:41.664778948 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:46:41.876112938 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:46:42.375535011 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:46:42.380436897 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:46:42.551076889 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:46:42.556130886 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:46:42.623753071 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:46:42.673099995 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:46:43.149064064 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:46:43.376147032 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:46:43.518716097 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:46:43.518820047 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:46:44.470850945 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:46:44.517342091 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:46:45.064754009 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:46:45.296247959 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:46:45.298401117 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:46:45.376089096 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:46:45.537363052 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:46:45.673038006 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:46:46.174671888 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:46:46.179738045 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:46:46.446362972 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:46:46.672945976 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:46:48.523439884 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:46:48.529175043 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:46:48.771066904 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:46:48.853873968 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:46:48.858911991 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:46:49.096956015 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:46:49.172960043 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:46:49.193799019 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:46:49.198786020 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:46:49.437617064 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:46:49.563549995 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:46:51.048274040 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:46:51.053322077 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:46:51.067390919 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:46:51.072628975 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:46:51.292180061 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:46:51.298629045 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:46:51.303940058 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:46:51.417151928 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:46:51.544193029 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:46:51.546946049 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:46:52.002401114 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:46:52.007489920 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:46:52.246428967 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:46:52.284923077 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:46:52.289915085 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:46:52.529897928 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:46:52.672905922 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:46:52.889611959 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:46:52.894824028 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:46:52.908020020 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:46:52.913048983 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:46:53.138612032 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:46:53.259763956 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:46:53.259830952 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:46:54.080821037 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:46:54.086003065 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:46:54.327184916 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:46:54.469774008 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:46:54.546503067 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:46:54.551553011 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:46:54.790710926 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:46:54.969769955 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:46:55.568571091 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:46:55.766659975 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:46:56.004986048 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:46:56.005053997 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:46:57.076320887 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:46:57.081497908 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:46:57.671108961 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:46:57.876005888 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:46:58.237016916 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:46:58.242077112 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:46:58.353374004 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:46:58.358539104 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:46:58.719543934 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:46:58.840030909 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:46:58.840090990 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:46:58.945208073 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:46:58.950110912 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:46:59.488049030 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:46:59.493035078 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:46:59.527376890 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:46:59.672867060 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:46:59.739535093 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:46:59.876015902 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:00.650913954 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:00.698486090 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:01.244555950 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:01.313855886 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:02.059803963 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:02.064960957 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:02.235642910 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:02.240941048 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:02.307097912 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:02.469712973 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:02.479913950 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:02.590358019 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:03.899323940 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:03.904438972 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:04.145715952 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:04.225049019 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:04.230515957 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:04.296406031 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:04.301441908 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:04.678848982 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:04.803325891 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:04.803432941 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:04.872812033 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:05.070318937 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:05.174653053 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:05.179788113 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:05.297966003 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:05.303015947 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:05.312028885 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:05.431719065 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:05.431801081 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:05.497706890 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:05.546574116 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:05.555104017 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:05.672837973 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:06.084538937 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:06.172835112 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:06.960228920 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:06.965192080 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:07.213713884 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:07.266568899 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:08.625111103 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:08.630359888 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:08.861773014 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:08.866833925 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:08.868926048 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:08.969688892 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:09.127357006 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:09.139388084 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:09.186290026 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:09.298243046 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:09.303275108 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:09.365824938 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:09.370965958 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:09.387001991 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:09.543030024 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:09.543100119 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:09.851332903 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:09.942492008 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:10.552325964 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:10.602382898 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:11.138290882 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:11.222203016 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:11.227184057 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:11.475117922 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:11.533682108 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:13.118757963 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:13.123604059 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:13.364947081 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:13.579026937 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:16.092602968 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:16.097609043 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:16.353023052 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:16.405158043 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:16.410119057 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:16.434328079 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:16.440579891 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:16.669404984 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:16.875914097 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:16.964895010 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:17.038583994 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:17.043679953 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:17.290406942 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:17.375880003 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:17.382493973 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:17.387511015 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:17.672075033 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:17.700675964 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:17.705583096 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:17.954329014 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:18.172763109 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:20.329178095 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:20.334191084 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:20.377080917 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:20.382358074 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:20.575321913 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:20.672786951 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:20.883903027 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:20.966859102 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:20.972934961 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:21.216953993 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:21.266474962 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:21.398958921 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:21.406044006 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:21.572535992 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:21.577425957 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:21.666069984 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:21.812130928 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:22.169729948 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:22.281627893 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:23.928426981 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:23.933386087 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:24.043286085 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:24.048432112 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:24.192264080 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:24.311775923 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:24.311862946 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:24.327841997 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:24.332920074 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:24.573478937 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:24.766454935 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:24.848392963 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:24.853558064 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:24.897962093 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:24.902985096 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:25.270358086 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:25.375837088 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:25.393548965 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:25.563338041 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:25.570197105 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:25.672735929 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:26.221777916 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:26.226936102 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:26.465461016 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:26.563369036 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:28.381748915 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:28.386753082 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:28.630327940 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:28.672719955 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:30.314677954 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:30.319684982 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:30.539180040 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:30.544137001 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:30.561111927 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:30.660418034 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:30.787137032 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:30.875808954 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:31.140008926 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:31.142294884 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:31.755656958 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:31.814157963 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:32.008737087 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:32.063462973 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:32.431925058 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:32.436903000 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:32.498191118 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:32.503221035 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:32.675745964 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:32.681777000 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:32.686696053 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:32.797413111 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:32.858000994 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:32.926894903 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:32.969523907 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:32.969696999 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:32.974637985 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:33.221169949 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:33.266880989 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:34.152291059 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:34.157536030 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:34.217967987 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:34.222836018 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:34.222887039 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:34.228079081 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:34.398494959 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:34.417140961 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:34.421989918 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:34.472310066 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:34.477210999 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:34.518678904 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:34.550448895 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:34.555356979 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:34.679855108 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:34.684979916 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:34.696590900 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:35.063302994 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:35.114696980 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:35.114872932 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:35.114932060 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:35.115411997 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:35.115447998 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:35.115503073 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:35.116030931 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:35.116097927 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:35.116130114 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:35.116188049 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:35.162122011 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:35.173508883 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:35.352076054 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:35.357356071 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:35.359371901 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:35.477114916 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:35.565291882 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:36.161444902 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:36.166630983 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:36.405812979 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:36.487322092 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:36.836978912 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:36.841898918 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:36.895787954 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:36.906722069 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:37.023811102 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:37.029369116 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:37.081732035 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:37.174724102 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:37.201926947 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:37.321531057 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:37.323378086 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:37.533730984 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:37.539608955 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:37.781317949 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:37.879250050 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:38.289012909 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:38.293889999 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:38.304821014 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:38.309875965 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:38.319367886 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:38.324431896 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:38.324480057 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:38.329324007 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:38.538460016 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:38.564095020 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:38.564172029 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:38.670129061 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:38.716017962 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:38.720840931 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:38.739840984 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:38.839276075 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:38.961517096 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:39.175266981 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:40.281380892 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:40.330080032 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:40.350960970 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:40.356199980 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:40.527936935 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:40.672631025 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:40.905109882 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:40.911595106 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:40.911675930 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:45.366396904 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:45.418102026 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:45.672131062 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:45.968527079 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:45.968595982 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:45.972347021 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:45.973587990 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:46.211961985 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:46.332983971 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:46.333314896 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:46.895423889 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:46.900312901 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:47.142730951 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:47.259779930 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:47.264638901 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:47.503746986 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:47.514622927 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:47.519485950 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:47.767258883 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:47.851478100 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:48.024126053 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:48.029345036 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:48.053303003 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:48.058290958 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:48.150088072 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:48.154915094 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:48.268251896 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:48.379189014 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:48.387985945 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:48.557358027 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:48.557531118 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:49.532542944 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:49.537703991 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:49.568955898 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:49.575052977 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:49.591921091 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:49.596795082 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:49.780927896 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:49.836474895 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:49.836608887 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:49.900388956 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:50.063313007 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:52.140539885 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:52.333446026 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:52.573252916 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:52.672565937 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:53.813482046 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:53.818423033 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:54.048337936 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:54.054040909 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:54.057145119 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:54.152834892 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:54.214013100 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:54.292162895 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:54.296257019 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:54.301063061 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:54.373791933 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:54.378921032 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:54.401484966 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:54.406281948 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:54.414000034 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:54.498966932 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:54.539324045 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:54.672545910 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:54.991173983 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:55.007824898 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:55.163675070 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:55.237704992 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:55.375679970 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:55.789741993 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:55.789756060 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:55.789868116 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:56.440385103 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:56.493935108 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:56.563874006 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:56.568742037 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:56.608616114 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:56.613434076 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:56.971581936 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:57.063159943 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:57.091996908 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:57.153750896 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:57.158731937 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:57.400618076 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:57.563150883 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:57.668924093 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:57.673759937 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:57.722979069 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:57.728210926 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:57.915503979 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:58.035115957 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:58.035356045 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:58.239661932 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:58.244745970 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:58.486136913 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:58.563132048 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:59.405828953 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:47:59.410881996 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:59.701277018 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:47:59.875650883 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:48:00.186033010 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:48:00.191015959 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:48:00.230171919 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:48:00.238007069 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:48:00.241391897 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:48:00.246294975 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:48:00.441000938 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:48:00.553699970 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:48:00.558701992 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:48:00.696207047 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:48:00.701143980 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:48:00.751677036 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:48:00.757934093 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:48:01.063951015 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:48:01.154292107 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:48:01.159054041 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:48:01.374499083 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:48:01.499953032 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:48:01.500088930 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:48:01.739875078 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:48:01.747790098 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:48:02.294997931 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:48:02.340804100 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:48:02.875243902 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:48:02.880129099 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:48:03.139102936 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:48:03.375947952 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:48:03.879095078 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:48:03.884061098 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:48:04.126842976 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:48:04.172599077 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:48:06.238593102 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:48:06.243724108 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:48:06.485959053 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:48:06.671466112 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:48:07.161304951 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:48:07.166163921 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:48:07.406035900 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:48:07.469351053 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:48:07.642153025 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:48:07.647000074 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:48:07.913122892 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:48:08.004008055 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:48:08.972027063 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:48:08.977003098 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:48:09.218286037 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:48:09.375598907 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:48:10.813256025 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:48:10.818068981 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:48:11.056967974 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:48:11.211724997 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:48:11.216916084 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:48:11.222731113 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:48:11.227524042 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:48:11.350764990 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:48:11.356091976 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:48:11.810647011 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:48:11.908803940 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:48:11.908864021 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:48:11.909812927 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:48:12.063093901 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:48:12.166016102 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:48:12.166091919 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:48:12.168373108 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:48:12.172487020 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:48:12.590826035 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:48:12.667717934 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:48:12.713360071 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:48:12.879046917 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:48:13.470411062 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:48:13.475322962 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:48:13.588745117 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:48:13.593698978 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:48:13.723543882 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:48:13.787040949 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:48:13.843343973 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:48:13.969295025 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:48:15.885165930 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:48:15.890137911 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:48:16.130109072 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:48:16.266170025 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:48:22.458858967 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:48:22.463852882 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:48:22.709768057 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:48:22.750570059 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Oct 15, 2024 17:48:25.579440117 CEST | 9402 | 58092 | 12.221.146.138 | 192.168.2.8 |
| Oct 15, 2024 17:48:25.625550032 CEST | 58092 | 9402 | 192.168.2.8 | 12.221.146.138 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Oct 15, 2024 17:44:35.666043043 CEST | 53 | 57878 | 1.1.1.1 | 192.168.2.8 |
| Oct 15, 2024 17:44:47.122185946 CEST | 61473 | 53 | 192.168.2.8 | 1.1.1.1 |
| Oct 15, 2024 17:44:47.422059059 CEST | 53 | 61473 | 1.1.1.1 | 192.168.2.8 |
| Oct 15, 2024 17:44:53.062551975 CEST | 57542 | 53 | 192.168.2.8 | 1.1.1.1 |
| Oct 15, 2024 17:44:54.064605951 CEST | 57542 | 53 | 192.168.2.8 | 1.1.1.1 |
| Oct 15, 2024 17:44:55.064558029 CEST | 57542 | 53 | 192.168.2.8 | 1.1.1.1 |
| Oct 15, 2024 17:44:57.072319984 CEST | 53 | 57542 | 1.1.1.1 | 192.168.2.8 |
| Oct 15, 2024 17:44:57.072590113 CEST | 53 | 57542 | 1.1.1.1 | 192.168.2.8 |
| Oct 15, 2024 17:44:57.072612047 CEST | 53 | 57542 | 1.1.1.1 | 192.168.2.8 |
| Oct 15, 2024 17:45:01.369213104 CEST | 51090 | 53 | 192.168.2.8 | 1.1.1.1 |
| Oct 15, 2024 17:45:02.377100945 CEST | 51090 | 53 | 192.168.2.8 | 1.1.1.1 |
| Oct 15, 2024 17:45:03.377012014 CEST | 51090 | 53 | 192.168.2.8 | 1.1.1.1 |
| Oct 15, 2024 17:45:05.379540920 CEST | 53 | 51090 | 1.1.1.1 | 192.168.2.8 |
| Oct 15, 2024 17:45:05.379662991 CEST | 53 | 51090 | 1.1.1.1 | 192.168.2.8 |
| Oct 15, 2024 17:45:05.379676104 CEST | 53 | 51090 | 1.1.1.1 | 192.168.2.8 |
| Oct 15, 2024 17:45:09.878149986 CEST | 59035 | 53 | 192.168.2.8 | 1.1.1.1 |
| Oct 15, 2024 17:45:10.876940012 CEST | 59035 | 53 | 192.168.2.8 | 1.1.1.1 |
| Oct 15, 2024 17:45:11.892740011 CEST | 59035 | 53 | 192.168.2.8 | 1.1.1.1 |
| Oct 15, 2024 17:45:13.908509970 CEST | 59035 | 53 | 192.168.2.8 | 1.1.1.1 |
| Oct 15, 2024 17:45:14.415070057 CEST | 53 | 59035 | 1.1.1.1 | 192.168.2.8 |
| Oct 15, 2024 17:45:14.415086031 CEST | 53 | 59035 | 1.1.1.1 | 192.168.2.8 |
| Oct 15, 2024 17:45:14.415096998 CEST | 53 | 59035 | 1.1.1.1 | 192.168.2.8 |
| Oct 15, 2024 17:45:14.415107965 CEST | 53 | 59035 | 1.1.1.1 | 192.168.2.8 |
| Oct 15, 2024 17:45:19.424778938 CEST | 55018 | 53 | 192.168.2.8 | 1.1.1.1 |
| Oct 15, 2024 17:45:19.562762022 CEST | 53 | 55018 | 1.1.1.1 | 192.168.2.8 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Oct 15, 2024 17:44:47.122185946 CEST | 192.168.2.8 | 1.1.1.1 | 0x134b | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Oct 15, 2024 17:44:53.062551975 CEST | 192.168.2.8 | 1.1.1.1 | 0x729c | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Oct 15, 2024 17:44:54.064605951 CEST | 192.168.2.8 | 1.1.1.1 | 0x729c | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Oct 15, 2024 17:44:55.064558029 CEST | 192.168.2.8 | 1.1.1.1 | 0x729c | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Oct 15, 2024 17:45:01.369213104 CEST | 192.168.2.8 | 1.1.1.1 | 0xcf4e | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Oct 15, 2024 17:45:02.377100945 CEST | 192.168.2.8 | 1.1.1.1 | 0xcf4e | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Oct 15, 2024 17:45:03.377012014 CEST | 192.168.2.8 | 1.1.1.1 | 0xcf4e | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Oct 15, 2024 17:45:09.878149986 CEST | 192.168.2.8 | 1.1.1.1 | 0xec65 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Oct 15, 2024 17:45:10.876940012 CEST | 192.168.2.8 | 1.1.1.1 | 0xec65 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Oct 15, 2024 17:45:11.892740011 CEST | 192.168.2.8 | 1.1.1.1 | 0xec65 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Oct 15, 2024 17:45:13.908509970 CEST | 192.168.2.8 | 1.1.1.1 | 0xec65 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Oct 15, 2024 17:45:19.424778938 CEST | 192.168.2.8 | 1.1.1.1 | 0x3afc | Standard query (0) | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Oct 15, 2024 17:44:47.422059059 CEST | 1.1.1.1 | 192.168.2.8 | 0x134b | No error (0) | 103.53.40.62 | A (IP address) | IN (0x0001) | false | ||
| Oct 15, 2024 17:44:57.072319984 CEST | 1.1.1.1 | 192.168.2.8 | 0x729c | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
| Oct 15, 2024 17:44:57.072590113 CEST | 1.1.1.1 | 192.168.2.8 | 0x729c | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
| Oct 15, 2024 17:44:57.072612047 CEST | 1.1.1.1 | 192.168.2.8 | 0x729c | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
| Oct 15, 2024 17:45:05.379540920 CEST | 1.1.1.1 | 192.168.2.8 | 0xcf4e | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
| Oct 15, 2024 17:45:05.379662991 CEST | 1.1.1.1 | 192.168.2.8 | 0xcf4e | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
| Oct 15, 2024 17:45:05.379676104 CEST | 1.1.1.1 | 192.168.2.8 | 0xcf4e | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
| Oct 15, 2024 17:45:14.415070057 CEST | 1.1.1.1 | 192.168.2.8 | 0xec65 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
| Oct 15, 2024 17:45:14.415086031 CEST | 1.1.1.1 | 192.168.2.8 | 0xec65 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
| Oct 15, 2024 17:45:14.415096998 CEST | 1.1.1.1 | 192.168.2.8 | 0xec65 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
| Oct 15, 2024 17:45:14.415107965 CEST | 1.1.1.1 | 192.168.2.8 | 0xec65 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
| Oct 15, 2024 17:45:19.562762022 CEST | 1.1.1.1 | 192.168.2.8 | 0x3afc | No error (0) | 12.221.146.138 | A (IP address) | IN (0x0001) | false |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.8 | 58053 | 103.53.40.62 | 443 | 6560 | C:\Users\user\Desktop\sgJV11UlDP.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-10-15 15:44:48 UTC | 174 | OUT | |
| 2024-10-15 15:44:49 UTC | 248 | IN | |
| 2024-10-15 15:44:49 UTC | 7944 | IN | |
| 2024-10-15 15:44:49 UTC | 8000 | IN | |
| 2024-10-15 15:44:49 UTC | 8000 | IN | |
| 2024-10-15 15:44:49 UTC | 8000 | IN | |
| 2024-10-15 15:44:49 UTC | 2424 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 11:44:12 |
| Start date: | 15/10/2024 |
| Path: | C:\Users\user\Desktop\sgJV11UlDP.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x400000 |
| File size: | 5'329'718 bytes |
| MD5 hash: | F3A3332B13BAA50C41644B86EFDF0FE4 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | low |
| Has exited: | true |
| Target ID: | 3 |
| Start time: | 11:44:36 |
| Start date: | 15/10/2024 |
| Path: | C:\Users\user\Desktop\sgJV11UlDP.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x400000 |
| File size: | 5'329'718 bytes |
| MD5 hash: | F3A3332B13BAA50C41644B86EFDF0FE4 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | low |
| Has exited: | false |
Execution Graph
| Execution Coverage: | 20.5% |
| Dynamic/Decrypted Code Coverage: | 0% |
| Signature Coverage: | 16.3% |
| Total number of Nodes: | 1535 |
| Total number of Limit Nodes: | 48 |
Graph
Function 00403248 Relevance: 91.4, APIs: 32, Strings: 20, Instructions: 366stringcomfileCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405252 Relevance: 54.3, APIs: 36, Instructions: 282windowclipboardmemoryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004057B5 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 159filestringCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040380A Relevance: 47.5, APIs: 13, Strings: 14, Instructions: 215stringregistryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402DC4 Relevance: 28.2, APIs: 5, Strings: 11, Instructions: 181memoryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040600F Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 199stringCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401759 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 147stringtimeCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405114 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 73stringwindowCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406317 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36libraryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040206A Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 73libraryloaderCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405ED4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44registryCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040568C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040576D Relevance: 4.5, APIs: 3, Instructions: 28fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004025EA Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 34stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401E8F Relevance: 3.0, APIs: 2, Instructions: 25COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040156F Relevance: 3.0, APIs: 2, Instructions: 23COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405B86 Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405B61 Relevance: 3.0, APIs: 2, Instructions: 13COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405657 Relevance: 3.0, APIs: 2, Instructions: 9COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402631 Relevance: 1.6, APIs: 1, Instructions: 76COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040166A Relevance: 1.5, APIs: 1, Instructions: 38fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004026EF Relevance: 1.5, APIs: 1, Instructions: 28COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402363 Relevance: 1.5, APIs: 1, Instructions: 26COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405C2D Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405BFE Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 70022921 Relevance: 1.5, APIs: 1, Instructions: 21memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401563 Relevance: 1.5, APIs: 1, Instructions: 17COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004040C7 Relevance: 1.5, APIs: 1, Instructions: 9windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00403200 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004040B0 Relevance: 1.5, APIs: 1, Instructions: 6windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040409D Relevance: 1.5, APIs: 1, Instructions: 4COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 70022A38 Relevance: 1.4, APIs: 1, Instructions: 143memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401F48 Relevance: 1.3, APIs: 1, Instructions: 37COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004014D6 Relevance: 1.3, APIs: 1, Instructions: 19sleepCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040450D Relevance: 23.0, APIs: 10, Strings: 3, Instructions: 274stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 70021A98 Relevance: 20.1, APIs: 13, Instructions: 591stringlibrarymemoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402765 Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404A80 Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 489windowmemoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004041E6 Relevance: 37.0, APIs: 19, Strings: 2, Instructions: 202windowstringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405C5C Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 129memorystringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402CDD Relevance: 14.0, APIs: 5, Strings: 3, Instructions: 40timeCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004040E2 Relevance: 12.1, APIs: 8, Instructions: 68COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 700224D8 Relevance: 10.6, APIs: 7, Instructions: 124COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004049CE Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 700222F1 Relevance: 9.1, APIs: 6, Instructions: 140memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 70021837 Relevance: 7.7, APIs: 5, Instructions: 194COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401D41 Relevance: 7.6, APIs: 5, Instructions: 70windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401DFF Relevance: 7.5, APIs: 5, Instructions: 43COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401C0A Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004048C4 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84stringCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040243D Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 64registrystringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405A73 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 46stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405985 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402D60 Relevance: 6.0, APIs: 4, Instructions: 33COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405088 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004059CC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 700210E0 Relevance: 5.1, APIs: 4, Instructions: 102memoryCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405AEB Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Execution Graph
| Execution Coverage: | 8.2% |
| Dynamic/Decrypted Code Coverage: | 98% |
| Signature Coverage: | 0% |
| Total number of Nodes: | 150 |
| Total number of Limit Nodes: | 13 |
Graph
Function 366E7BB8 Relevance: 1.9, APIs: 1, Instructions: 396COMMON
Download Yara Rule
Control-flow Graph
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00157112 Relevance: 6.1, APIs: 4, Instructions: 133threadCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00157120 Relevance: 6.1, APIs: 4, Instructions: 128threadCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 366E290F Relevance: 1.6, APIs: 1, Instructions: 115COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 366E2918 Relevance: 1.6, APIs: 1, Instructions: 113COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 366E3844 Relevance: 1.6, APIs: 1, Instructions: 97COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00157360 Relevance: 1.6, APIs: 1, Instructions: 66COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00157368 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00152260 Relevance: 1.6, APIs: 1, Instructions: 60COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00152268 Relevance: 1.6, APIs: 1, Instructions: 58COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0009D500 Relevance: .1, Instructions: 75COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000AD0FC Relevance: .1, Instructions: 72COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0009D4FB Relevance: .1, Instructions: 56COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000AD0F7 Relevance: .1, Instructions: 53COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00403289 Relevance: 75.5, APIs: 30, Strings: 13, Instructions: 288stringfilecomCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004057B5 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 159filestringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404A80 Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 489windowmemoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405252 Relevance: 54.3, APIs: 36, Instructions: 282windowclipboardmemoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040380A Relevance: 38.7, APIs: 13, Strings: 9, Instructions: 215stringregistryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004041E6 Relevance: 35.2, APIs: 19, Strings: 1, Instructions: 202windowstringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040336A Relevance: 33.4, APIs: 10, Strings: 9, Instructions: 156stringfilecomCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00403248 Relevance: 22.8, APIs: 10, Strings: 3, Instructions: 93stringCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405C5C Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 129memorystringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040450D Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 274stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040600F Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 199stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405114 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 73stringwindowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004040E2 Relevance: 12.1, APIs: 8, Instructions: 68COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402E52 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 137memoryCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004049CE Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402CDD Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40timeCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406317 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36libraryCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040206A Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 73libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401D41 Relevance: 7.6, APIs: 5, Instructions: 70windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401DFF Relevance: 7.5, APIs: 5, Instructions: 43COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401C0A Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004048C4 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84stringCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004055DA Relevance: 6.0, APIs: 4, Instructions: 39COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402D60 Relevance: 6.0, APIs: 4, Instructions: 33COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405A73 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405088 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405ED4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44registryCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405AEB Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|