Windows
Analysis Report
SecuriteInfo.com.Trojan.Inject5.1262.5931.28554.exe
Overview
General Information
Detection
Score: | 96 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- SecuriteInfo.com.Trojan.Inject5.1262.5931.28554.exe (PID: 4784 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.1262.5931.28554.exe" MD5: 09289584ED12A81A0A2A2D6DF31DF6DA)
- RegAsm.exe (PID: 1540 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
- WerFault.exe (PID: 7036 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 1828 MD5: C31336C1EFC2CCB44B4326EA793040F2)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
XWorm | Malware with wide range of capabilities ranging from RAT to ransomware. | No Attribution |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_XWorm | Yara detected XWorm | Joe Security | ||
MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen |
JoeSecurity_XWorm | Yara detected XWorm | Joe Security | ||
MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen |
JoeSecurity_XWorm | Yara detected XWorm | Joe Security | ||
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_XWorm | Yara detected XWorm | Joe Security | ||
MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-10-18T14:09:15.493292+0200 | 2855924 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 50009 | 167.71.56.116 | 22781 | TCP |
AV Detection |
---|
Source: | ReversingLabs: |
Source: | Integrated Neural Analysis Model: |
Source: | String decryptor: | ||
Source: | Static PE information: |
Source: | Binary string: | ||
Networking |
---|
Source: | Suricata IDS: |
Source: | TCP traffic: |
Source: | IP Address: |
Source: | ASN Name: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | String found in binary or memory: | ||
System Summary |
---|
Source: | Matched rule: | ||
Source: | Process Stats: |
Source: | Code function: | 1_2_01228390 | |
Source: | Code function: | 1_2_01225F88 | |
Source: | Code function: | 1_2_012256B8 | |
Source: | Code function: | 1_2_01225370 | |
Source: | Code function: | 1_2_01220BA0 |
Source: | Process created: |
Source: | Static PE information: |
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Matched rule: | ||
Source: | Classification label: |
Source: | Mutant created: | ||
Source: | File created: | Jump to behavior |
Source: | Key opened: | Jump to behavior | ||
Source: | ReversingLabs: |
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | Static PE information: |
Source: | Static file information: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Static PE information: |
Source: | Code function: | 1_2_01227229 |
Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion |
---|
Source: | WMI Queries: | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | File Volume queried: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Process queried: | Jump to behavior | ||
Source: | Process token adjusted: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Memory allocated: | Jump to behavior |
Source: | Memory written: | Jump to behavior |
Source: | Process created: | Jump to behavior |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | WMI Queries: | ||
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Remote Access Functionality |
---|
Source: | File source: | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 11 Windows Management Instrumentation | 1 DLL Side-Loading | 311 Process Injection | 1 Disable or Modify Tools | OS Credential Dumping | 131 Security Software Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 141 Virtualization/Sandbox Evasion | LSASS Memory | 141 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 311 Process Injection | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 13 System Information Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Obfuscated Files or Information | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
50% | ReversingLabs | Win32.Trojan.NeptuneLoader |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | unknown | |||
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
167.71.56.116 | unknown | United States | 14061 | DIGITALOCEAN-ASNUS | true |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1537052 |
Start date and time: | 2024-10-18 14:06:29 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 6m 30s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 13 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | SecuriteInfo.com.Trojan.Inject5.1262.5931.28554.exe |
Detection: | MAL |
Classification: | mal96.troj.evad.winEXE@4/5@0/1 |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 52.182.143.212
- Excluded domains from analysis (whitelisted): onedsblobprdcus15.centralus.cloudapp.azure.com, otelrules.azureedge.net, slscr.update.microsoft.com, login.live.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtSetInformationFile calls found.
- VT rate limit hit for: SecuriteInfo.com.Trojan.Inject5.1262.5931.28554.exe
Time | Type | Description |
---|---|---|
08:07:34 | API Interceptor | |
09:18:37 | API Interceptor |
Match | Detection | Threat Name |
---|---|---|
167.71.56.116 | malicious | XWorm |
 | malicious | XWorm |
 | malicious | Quasar |
 | malicious | Quasar |
 | malicious | AsyncRAT |
 | malicious | njRat |
 | malicious | Nanocore |
 | malicious | Nanocore |
 | malicious | AsyncRAT |
 | malicious | Njrat |
Match | Detection | Threat Name |
---|---|---|
DIGITALOCEAN-ASNUS | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Mirai |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_RegAsm.exe_9be59e14b6b73c7898b15b8fa4185e5466451f4_38d14e40_eaf77835-1e61-4326-8852-8f37b184aff2\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 1.2822384333069519 |
Encrypted: | false |
SSDEEP: | 192:9vvbeFy/uVKN0BU/qaUtY3oXcsxLzuiF/Z24IO8V5:9XluVzBU/qaUtXcEzuiF/Y4IO8V |
MD5: | FF3B4F929624F719F6213D7221D654A0 |
SHA1: | A21803F753766BE95DFF1E6F531CBFF755F59653 |
SHA-256: | A33925DFED8618B611C4C16E32BDE8CDAFF2359B799806507E7CDC53BEC29125 |
SHA-512: | B37663E6905A81BA6B82375896A1C9084A778369ACE15BF3C6F61A089B96FB94F7DF99E602F9C02D6AC7080EA22D3D6E53C50041994DFF684C60D98B719A1F1D |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285655 |
Entropy (8bit): | 3.7766900047446073 |
Encrypted: | false |
SSDEEP: | 3072:V5UqWAQayI7U4uEqfMPvHfLTgo2QZeNzzU6BCjHtX8:DUqCayqU4yMTTgoVeN3UwCJs |
MD5: | D7FA7AB8DD9F1945937EA8312C76D905 |
SHA1: | 9C9C7B3A4567EC7EB962C7511C1D8588288A3AF4 |
SHA-256: | 0585D6D6255E589C2A1C9A9F00B800CFF42931E9A75EAB7BB3CF04A05656031B |
SHA-512: | 2A95B0CE08EF3383DD1C9E41860C54C5A158A70CC6695975475F98A960A6AD17AAD11D0C0F3AB462D7E4BBAF2CD01B49190569CF12A4473E1D0559270768253F |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 6378 |
Entropy (8bit): | 3.7148771222472727 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJeYA6IwrrYZOxprD89bNsQ4sfEPm:R6lXJm6IQY8oNsQrfx |
MD5: | 82589AD71B5EB95386839A616D9BB438 |
SHA1: | 9F2348AE29E828C4550D85FFF5F4C5C76BD6B7C7 |
SHA-256: | F80B38C42D1953ADBFA8785AD867080D36B8666FAE889CEA8AA17951777F60FC |
SHA-512: | 63527E95BEECE3981C56253E1EC4631BA94A5BAA158E8FD08261D7AC06904BBF03CD438D6EB44044249CC55ADC0005F626B79EEE1A9A4658419DD7D39713D630 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4721 |
Entropy (8bit): | 4.435752713483193 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsDJg77aI9QbWpW8VYPjYm8M4JfuyziF1I+q8vZyzc5QgLuOLuWrd:uIjfdI7aq7VXJfua0IKZac5BukuWrd |
MD5: | F6A05307147E900FF9552C670705A941 |
SHA1: | B2D50E011BC6B438800B890D6B7E2DF3BF75780F |
SHA-256: | BBADF6ED4124B4C119D8876724DEF9EA77A6416D3D9E09E43BB96EB23521C1CE |
SHA-512: | D55184F3A875BF1E76608AB8F8BA14729E0F95E4FBEA6C554455AC4C50D0C15B3417E7C6A53E5C598669008DA9DCE9DEDF6918A2047F6D9BAD1CEC11576DA7C2 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1835008 |
Entropy (8bit): | 4.417535697182074 |
Encrypted: | false |
SSDEEP: | 6144:Ocifpi6ceLPL9skLmb0mdSWSPtaJG8nAgex285i2MMhA20X4WABlGuNL5+:bi58dSWIZBk2MM6AFBlo |
MD5: | 40313EB3A3CBB6751F70A0AF1FC1A91D |
SHA1: | 82C9C7F685CBEEBCAE4B039713B66A417E949E0C |
SHA-256: | 45F2799EA60DEB05A83874B39FEE44F1E5C0A110EC70DF6C887D7B7B6D0E6005 |
SHA-512: | 6DAB42C66AFC783CAA38FCD6EC1F1F2B983231E030E9AC8F9010387A155595DE611A89F27DE7754195F87AC6A2D2EFD415E4156E5EAF8D36E66327178EBCD804 |
Malicious: | false |
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 6.309641950556383 |
TrID: |
|
File name: | SecuriteInfo.com.Trojan.Inject5.1262.5931.28554.exe |
File size: | 2'121'456 bytes |
MD5: | 09289584ed12a81a0a2a2d6df31df6da |
SHA1: | 26fb4b863c809c1dde042bf5fe9d1de98e694487 |
SHA256: | 2ce4cfe235350e3cb4f613e988203e8c6745db826bcb1f0aa2399d9427ef2357 |
SHA512: | e6d4cea771d4cdc0fa958aef23fc7f9ad575b2e49bec65e8b22fb2de5ce551de6936d052544004200a097410fbb7109b7d6f71d1c01889bb9b5e0dc53fb72ac7 |
SSDEEP: | 24576:QljLYQBtY2rLbnoQVNYRvobF5ZIMfffffffffffffffTEqNrK2Y/l6q3:QxbB7VYSMR/l6q3 |
TLSH: | 5AA5F703EF6452B5E93D36BA11B26BB5473BE52BDC8B480A59B3347F8A231D0382D355 |
File Content Preview: | MZP.....................@...............................................!..L.!This program cannot be run in DOS mode....$...................................................................................................................................... |
Icon Hash: | 2bbd7b3bbb91184c |
Entrypoint: | 0x541228 |
Entrypoint Section: | .itext |
Digitally signed: | true |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x6594420D [Tue Jan 2 17:04:13 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | c27196cb386d9c2fcebfe58d6b783f7f |
Signature Valid: | false |
Signature Issuer: | SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US |
Signature Validation Error: | The digital signature of the object did not verify |
Error Number: | -2146869232 |
Not Before, Not After |
|
Subject Chain |
|
Version: | 3 |
Thumbprint MD5: | 0CFB7685B54EF58E0DD65B242E82E080 |
Thumbprint SHA-1: | 2D5609B5B7FB15C2CCF27F91E6AF062511E37170 |
Thumbprint SHA-256: | 751E9D2F2901B771BE8DA1AFB24B2D3E51E4EA32B8E21CA425DD280701608FBA |
Serial: | 07AD5CFABFBBAA |
Instruction |
---|
push ebp |
mov ebp, esp |
mov ecx, 0000000Dh |
push 00000000h |
push 00000000h |
dec ecx |
jne 00007EFE1C6E85ABh |
push ebx |
push esi |
mov eax, 0053AF30h |
call 00007EFE1C5B850Eh |
xor eax, eax |
push ebp |
push 00541838h |
push dword ptr fs:[eax] |
mov dword ptr fs:[eax], esp |
mov dl, 01h |
mov eax, dword ptr [0053ABCCh] |
call 00007EFE1C5AF714h |
mov esi, eax |
mov eax, 00561A68h |
mov edx, esi |
test edx, edx |
je 00007EFE1C6E85B5h |
sub edx, FFFFFFF8h |
call 00007EFE1C5B5C03h |
xor eax, eax |
mov dword ptr [ebp-14h], eax |
xor ecx, ecx |
push ebp |
push 005417F9h |
push dword ptr fs:[ecx] |
mov dword ptr fs:[ecx], esp |
lea edx, dword ptr [ebp-14h] |
mov eax, 00000001h |
call 00007EFE1C6E0C77h |
xor eax, eax |
mov dword ptr [ebp-18h], eax |
xor ecx, ecx |
push ebp |
push 005417DAh |
push dword ptr fs:[ecx] |
mov dword ptr fs:[ecx], esp |
lea edx, dword ptr [ebp-18h] |
mov eax, 00000002h |
call 00007EFE1C6E0C57h |
mov edx, dword ptr [ebp-18h] |
mov eax, edx |
test eax, eax |
je 00007EFE1C6E85B7h |
sub eax, 04h |
mov eax, dword ptr [eax] |
test eax, eax |
jle 00007EFE1C6E85C6h |
mov eax, edx |
test eax, eax |
je 00007EFE1C6E85B7h |
sub eax, 04h |
mov eax, dword ptr [eax] |
lea edx, dword ptr [ebp-18h] |
xchg eax, edx |
call 00007EFE1C5B2035h |
lea ecx, dword ptr [ebp-44h] |
mov edx, 00541854h |
mov eax, dword ptr [ebp-18h] |
call 00007EFE1C679449h |
mov edx, dword ptr [ebp-44h] |
mov eax, 00561A4Ch |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x164000 | 0x71 | .edata |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x162000 | 0xeaa | .idata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x180000 | 0x91842 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x204a00 | 0x14f0 | .rsrc |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x167000 | 0x18968 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x166000 | 0x18 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x1622c4 | 0x24c | .idata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x163000 | 0x1ea | .didata |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x13ec30 | 0x13ee00 | c51c6cb37ed5ce0e3f5505dc3ac403bc | False | 0.36596019330654644 | data | 6.490706528468914 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.itext | 0x140000 | 0x1934 | 0x1a00 | 7ac92331d0c7df1bc9e4c0d07104c159 | False | 0.5147235576923077 | data | 6.232517754168578 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.data | 0x142000 | 0x182d4 | 0x18400 | a20ea187c764645fcd5c35d906f0f7f6 | False | 0.18651336984536082 | data | 5.281725279036479 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.bss | 0x15b000 | 0x6a6c | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.idata | 0x162000 | 0xeaa | 0x1000 | 3cf5ec88566996006540ea535e613c5c | False | 0.352294921875 | zlib compressed data | 4.7520074705410895 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.didata | 0x163000 | 0x1ea | 0x200 | 61251115c0a0c926bd55f02b7ec230a7 | False | 0.416015625 | firmware 100 v0 (revision 1915819520) (1\026 , version 52263.16640.35879 (region 2284852736), 0 bytes or less, UNKNOWN1 0x88301600, at 0 0 bytes , at 0 0 bytes , at 0x48534000 3226615808 bytes | 3.345822242610369 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.edata | 0x164000 | 0x71 | 0x200 | 93b1b87c3109e7fee7b3e8bb61ade18e | False | 0.1796875 | data | 1.3456704524513246 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.tls | 0x165000 | 0x20 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rdata | 0x166000 | 0x5d | 0x200 | fdcc303ff40bb15074bd3ec3e38eac94 | False | 0.189453125 | data | 1.376875570449468 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x167000 | 0x18968 | 0x18a00 | 17ed0a2e57f1b8c5b6904d0a2d26f915 | False | 0.528216211928934 | data | 6.669990802122488 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
.rsrc | 0x180000 | 0x91842 | 0x91a00 | 1608fa01be6fd3aefd5f8e76194afd48 | False | 0.1028014350858369 | data | 3.4961514116837944 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0x180618 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | 0.47681236673773986 | ||
RT_ICON | 0x1814c0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | 0.6078519855595668 | ||
RT_ICON | 0x181d68 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | 0.4971198156682028 | ||
RT_ICON | 0x182430 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | 0.5852601156069365 | ||
RT_ICON | 0x182998 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | 0.30933609958506225 | ||
RT_ICON | 0x184f40 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | 0.40384615384615385 | ||
RT_ICON | 0x185fe8 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | 0.4319672131147541 | ||
RT_ICON | 0x186970 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | 0.5939716312056738 | ||
RT_STRING | 0x186dd8 | 0x33c | data | 0.4190821256038647 | ||
RT_STRING | 0x187114 | 0x3dc | data | 0.2834008097165992 | ||
RT_STRING | 0x1874f0 | 0x370 | data | 0.4147727272727273 | ||
RT_STRING | 0x187860 | 0x464 | data | 0.37277580071174377 | ||
RT_STRING | 0x187cc4 | 0x4a8 | data | 0.3213087248322148 | ||
RT_STRING | 0x18816c | 0x3d4 | data | 0.376530612244898 | ||
RT_STRING | 0x188540 | 0x440 | data | 0.3704044117647059 | ||
RT_STRING | 0x188980 | 0x1d0 | data | 0.40301724137931033 | ||
RT_STRING | 0x188b50 | 0xcc | data | 0.6225490196078431 | ||
RT_STRING | 0x188c1c | 0x17c | data | 0.55 | ||
RT_STRING | 0x188d98 | 0x384 | data | 0.3811111111111111 | ||
RT_STRING | 0x18911c | 0x3e0 | data | 0.3326612903225806 | ||
RT_STRING | 0x1894fc | 0x368 | data | 0.37844036697247707 | ||
RT_STRING | 0x189864 | 0x294 | data | 0.43787878787878787 | ||
RT_RCDATA | 0x189af8 | 0x10 | data | 1.5 | ||
RT_RCDATA | 0x189b08 | 0x40c | data | 0.5318532818532818 | ||
RT_GROUP_ICON | 0x189f14 | 0x76 | data | 0.6610169491525424 | ||
RT_VERSION | 0x189f8c | 0x4b8 | COM executable for DOS | English | United States | 0.3120860927152318 |
RT_HTML | 0x18a444 | 0x873f3 | data | 0.08053670679512104 | ||
RT_HTML | 0x211838 | 0xa | ASCII text, with no line terminators | 1.8 |
DLL | Import |
---|---|
kernel32.dll | GetACP, CloseHandle, LocalFree, SizeofResource, ReadProcessMemory, QueryPerformanceFrequency, IsDebuggerPresent, VirtualFree, SetThreadContext, GetThreadContext, GetFullPathNameW, GetProcessHeap, ExitProcess, HeapAlloc, GetCPInfoExW, WriteProcessMemory, RtlUnwind, GetCPInfo, EnumSystemLocalesW, GetStdHandle, GetModuleHandleW, FreeLibrary, HeapDestroy, ReadFile, CreateProcessW, GetLastError, GetModuleFileNameW, SetLastError, FindResourceW, CreateThread, CompareStringW, CopyFileW, LoadLibraryA, ResetEvent, GetVersion, FreeResource, RaiseException, FormatMessageW, SwitchToThread, GetExitCodeThread, GetCurrentThread, LoadLibraryExW, LockResource, GetCurrentThreadId, UnhandledExceptionFilter, VirtualQuery, VirtualQueryEx, Sleep, EnterCriticalSection, SetFilePointer, ReleaseMutex, LoadResource, SuspendThread, GetTickCount, GetStartupInfoW, GetFileAttributesW, InitializeCriticalSection, GetThreadPriority, SetThreadPriority, GetCurrentProcess, VirtualAlloc, GetCommandLineW, GetSystemInfo, LeaveCriticalSection, GetProcAddress, ResumeThread, VirtualAllocEx, GetVersionExW, VerifyVersionInfoW, HeapCreate, LCMapStringW, VerSetConditionMask, GetDiskFreeSpaceW, FindFirstFileW, GetUserDefaultUILanguage, lstrlenW, QueryPerformanceCounter, SetEndOfFile, HeapFree, WideCharToMultiByte, FindClose, MultiByteToWideChar, CreateMutexA, LoadLibraryW, SetEvent, CreateFileW, GetLocaleInfoW, GetLocalTime, GetEnvironmentVariableW, WaitForSingleObject, WriteFile, ExitThread, DeleteCriticalSection, TlsGetValue, GetDateFormatW, IsValidLocale, TlsSetValue, GetSystemDefaultUILanguage, EnumCalendarInfoW, LocalAlloc, CreateEventW, SetThreadLocale, GetThreadLocale |
user32.dll | CharUpperBuffW, CharNextW, MsgWaitForMultipleObjects, CharLowerBuffW, LoadStringW, CharUpperW, PeekMessageW, GetSystemMetrics, MessageBoxW |
oleaut32.dll | SysAllocStringLen, SafeArrayPtrOfIndex, VariantCopy, SafeArrayGetLBound, SafeArrayGetUBound, VariantInit, VariantClear, SysFreeString, SysReAllocStringLen, VariantChangeType, SafeArrayCreate |
msvcrt.dll | isupper, isalpha, isalnum, toupper, memchr, memcmp, memcpy, memset, isprint, isspace, iscntrl, isxdigit, ispunct, isgraph, islower, tolower |
advapi32.dll | RegQueryValueExW, RegCloseKey, RegOpenKeyExW |
Name | Ordinal | Address |
---|---|---|
__dbk_fcall_wrapper | 2 | 0x411070 |
dbkFCallWrapperAddr | 1 | 0x55e63c |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-10-18T14:09:15.493292+0200 | 2855924 | ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound | 1 | 192.168.2.7 | 50009 | 167.71.56.116 | 22781 | TCP |
Oct 18, 2024 14:08:33.978084087 CEST | 49995 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:08:33.979921103 CEST | 49996 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:08:33.985893011 CEST | 22781 | 49995 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:08:33.986926079 CEST | 22781 | 49996 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:08:33.987023115 CEST | 49996 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:08:34.006671906 CEST | 49996 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:08:34.012892008 CEST | 22781 | 49996 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:08:34.608427048 CEST | 22781 | 49996 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:08:34.608500957 CEST | 49996 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:08:35.008270979 CEST | 49996 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:08:35.008976936 CEST | 49997 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:08:35.022394896 CEST | 22781 | 49996 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:08:35.024431944 CEST | 22781 | 49997 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:08:35.024863958 CEST | 49997 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:08:35.040565014 CEST | 49997 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:08:35.046315908 CEST | 22781 | 49997 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:08:35.640820980 CEST | 22781 | 49997 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:08:35.640887022 CEST | 49997 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:08:35.743150949 CEST | 49997 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:08:35.745285034 CEST | 49998 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:08:35.749279022 CEST | 22781 | 49997 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:08:35.752190113 CEST | 22781 | 49998 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:08:35.752283096 CEST | 49998 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:08:35.794491053 CEST | 49998 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:08:35.799546003 CEST | 22781 | 49998 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:08:36.361709118 CEST | 22781 | 49998 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:08:36.361779928 CEST | 49998 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:08:36.539504051 CEST | 49998 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:08:36.541551113 CEST | 49999 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:08:36.544536114 CEST | 22781 | 49998 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:08:36.547200918 CEST | 22781 | 49999 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:08:36.547275066 CEST | 49999 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:08:36.579345942 CEST | 49999 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:08:36.584461927 CEST | 22781 | 49999 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:08:37.148895979 CEST | 22781 | 49999 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:08:37.152906895 CEST | 49999 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:08:37.258174896 CEST | 49999 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:08:37.260605097 CEST | 50000 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:08:37.263354063 CEST | 22781 | 49999 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:08:37.265988111 CEST | 22781 | 50000 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:08:37.266088963 CEST | 50000 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:08:37.291207075 CEST | 50000 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:08:37.308943033 CEST | 22781 | 50000 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:08:37.880815983 CEST | 22781 | 50000 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:08:37.880925894 CEST | 50000 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:08:37.883809090 CEST | 50000 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:08:37.885420084 CEST | 50001 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:08:37.888629913 CEST | 22781 | 50000 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:08:37.890558004 CEST | 22781 | 50001 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:08:37.890667915 CEST | 50001 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:08:37.911129951 CEST | 50001 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:08:37.916038036 CEST | 22781 | 50001 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:08:38.492400885 CEST | 22781 | 50001 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:08:38.492528915 CEST | 50001 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:08:38.493860006 CEST | 50001 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:08:38.498692036 CEST | 22781 | 50001 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:08:38.514398098 CEST | 50002 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:08:38.519309998 CEST | 22781 | 50002 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:08:38.520124912 CEST | 50002 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:08:38.542150021 CEST | 50002 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:08:38.547074080 CEST | 22781 | 50002 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:08:39.117603064 CEST | 22781 | 50002 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:08:39.117711067 CEST | 50002 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:08:43.883266926 CEST | 50002 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:08:43.884825945 CEST | 50003 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:08:43.888186932 CEST | 22781 | 50002 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:08:43.890338898 CEST | 22781 | 50003 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:08:43.890419960 CEST | 50003 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:08:43.940310001 CEST | 50003 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:08:43.945342064 CEST | 22781 | 50003 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:08:43.956545115 CEST | 50003 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:08:43.961476088 CEST | 22781 | 50003 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:08:44.499233007 CEST | 22781 | 50003 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:08:44.499450922 CEST | 50003 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:08:48.961491108 CEST | 50003 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:08:48.962404013 CEST | 50004 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:08:48.966497898 CEST | 22781 | 50003 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:08:48.967263937 CEST | 22781 | 50004 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:08:48.967401028 CEST | 50004 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:08:49.004990101 CEST | 50004 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:08:49.010015011 CEST | 22781 | 50004 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:08:49.576527119 CEST | 22781 | 50004 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:08:49.576622009 CEST | 50004 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:08:54.148864031 CEST | 50004 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:08:54.153125048 CEST | 50005 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:08:54.154252052 CEST | 22781 | 50004 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:08:54.158113003 CEST | 22781 | 50005 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:08:54.158188105 CEST | 50005 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:08:54.201013088 CEST | 50005 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:08:54.205967903 CEST | 22781 | 50005 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:08:54.227576017 CEST | 50005 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:08:54.232357025 CEST | 22781 | 50005 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:08:54.461687088 CEST | 50005 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:08:54.466703892 CEST | 22781 | 50005 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:08:54.493259907 CEST | 50005 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:08:54.498330116 CEST | 22781 | 50005 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:08:54.508364916 CEST | 50005 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:08:54.513323069 CEST | 22781 | 50005 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:08:54.540133953 CEST | 50005 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:08:54.545133114 CEST | 22781 | 50005 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:08:54.602217913 CEST | 50005 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:08:54.607148886 CEST | 22781 | 50005 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:08:54.617824078 CEST | 50005 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:08:54.622724056 CEST | 22781 | 50005 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:08:54.695934057 CEST | 50005 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:08:54.701015949 CEST | 22781 | 50005 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:08:54.764931917 CEST | 22781 | 50005 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:08:54.765033960 CEST | 50005 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:08:59.742563009 CEST | 50005 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:08:59.745263100 CEST | 50006 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:08:59.747560024 CEST | 22781 | 50005 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:08:59.750102997 CEST | 22781 | 50006 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:08:59.750226974 CEST | 50006 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:08:59.860810995 CEST | 50006 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:08:59.865801096 CEST | 22781 | 50006 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:09:00.349772930 CEST | 22781 | 50006 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:09:00.349833965 CEST | 50006 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:09:04.883291006 CEST | 50006 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:09:04.884968996 CEST | 50007 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:09:04.888283014 CEST | 22781 | 50006 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:09:04.889873981 CEST | 22781 | 50007 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:09:04.889976978 CEST | 50007 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:09:04.919812918 CEST | 50007 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:09:04.924720049 CEST | 22781 | 50007 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:09:05.485898972 CEST | 22781 | 50007 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:09:05.485971928 CEST | 50007 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:09:09.930206060 CEST | 50007 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:09:09.932667971 CEST | 50008 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:09:09.935168028 CEST | 22781 | 50007 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:09:09.937629938 CEST | 22781 | 50008 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:09:09.937712908 CEST | 50008 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:09:10.125859976 CEST | 50008 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:09:10.130789995 CEST | 22781 | 50008 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:09:10.548003912 CEST | 22781 | 50008 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:09:10.548084974 CEST | 50008 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:09:15.415466070 CEST | 50008 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:09:15.417583942 CEST | 50009 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:09:15.420351028 CEST | 22781 | 50008 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:09:15.422646046 CEST | 22781 | 50009 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:09:15.422715902 CEST | 50009 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:09:15.471873999 CEST | 50009 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:09:15.476809978 CEST | 22781 | 50009 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:09:15.493292093 CEST | 50009 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:09:15.499926090 CEST | 22781 | 50009 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:09:16.031352043 CEST | 22781 | 50009 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:09:16.031502962 CEST | 50009 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:09:20.867572069 CEST | 50009 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:09:20.868762016 CEST | 50010 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:09:20.872442007 CEST | 22781 | 50009 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:09:20.873611927 CEST | 22781 | 50010 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:09:20.873708010 CEST | 50010 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:09:20.972224951 CEST | 50010 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:09:20.977087021 CEST | 22781 | 50010 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:09:21.470021963 CEST | 22781 | 50010 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:09:21.470082998 CEST | 50010 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:09:26.039719105 CEST | 50010 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:09:26.042565107 CEST | 50011 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:09:26.045706034 CEST | 22781 | 50010 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:09:26.048372984 CEST | 22781 | 50011 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:09:26.048772097 CEST | 50011 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:09:26.087084055 CEST | 50011 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:09:26.092122078 CEST | 22781 | 50011 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:09:26.651211023 CEST | 22781 | 50011 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:09:26.651307106 CEST | 50011 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:09:31.938153028 CEST | 50011 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:09:31.941442966 CEST | 50012 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:09:31.943041086 CEST | 22781 | 50011 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:09:31.946321011 CEST | 22781 | 50012 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:09:31.946398973 CEST | 50012 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:09:32.388362885 CEST | 50012 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:09:32.393368006 CEST | 22781 | 50012 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:09:32.550098896 CEST | 22781 | 50012 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:09:32.550169945 CEST | 50012 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:09:32.551224947 CEST | 50012 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:09:32.553397894 CEST | 50013 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:09:32.556240082 CEST | 22781 | 50012 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:09:32.558170080 CEST | 22781 | 50013 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:09:32.558243990 CEST | 50013 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:09:32.615752935 CEST | 50013 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:09:32.620656013 CEST | 22781 | 50013 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:09:32.867938995 CEST | 50013 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:09:32.872826099 CEST | 22781 | 50013 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:09:32.883671999 CEST | 50013 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:09:32.888494968 CEST | 22781 | 50013 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:09:33.163189888 CEST | 22781 | 50013 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:09:33.163285971 CEST | 50013 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:09:37.977060080 CEST | 50013 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:09:37.980254889 CEST | 50014 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:09:37.981853008 CEST | 22781 | 50013 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:09:37.985008001 CEST | 22781 | 50014 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:09:37.985083103 CEST | 50014 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:09:38.031229019 CEST | 50014 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:09:38.036473989 CEST | 22781 | 50014 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:09:38.164679050 CEST | 50014 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:09:38.169585943 CEST | 22781 | 50014 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:09:38.596219063 CEST | 22781 | 50014 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:09:38.596308947 CEST | 50014 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:09:43.273890972 CEST | 50014 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:09:43.274960041 CEST | 50015 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:09:43.278939962 CEST | 22781 | 50014 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:09:43.279769897 CEST | 22781 | 50015 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:09:43.279838085 CEST | 50015 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:09:43.317435980 CEST | 50015 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:09:43.322319031 CEST | 22781 | 50015 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:09:43.888209105 CEST | 22781 | 50015 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:09:43.888807058 CEST | 50015 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:09:48.486605883 CEST | 50015 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:09:48.491509914 CEST | 22781 | 50015 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:09:48.551410913 CEST | 50016 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:09:48.560668945 CEST | 22781 | 50016 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:09:48.560745001 CEST | 50016 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:09:48.906105995 CEST | 50016 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:09:48.910912037 CEST | 22781 | 50016 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:09:49.167678118 CEST | 22781 | 50016 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:09:49.168912888 CEST | 50016 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:09:49.172003984 CEST | 50016 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:09:49.177519083 CEST | 22781 | 50016 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:09:49.178673029 CEST | 50017 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:09:49.183542013 CEST | 22781 | 50017 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:09:49.184801102 CEST | 50017 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:09:49.227715015 CEST | 50017 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:09:49.232515097 CEST | 22781 | 50017 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:09:49.383646011 CEST | 50017 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:09:49.388434887 CEST | 22781 | 50017 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:09:49.586714029 CEST | 50017 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:09:49.591645956 CEST | 22781 | 50017 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:09:49.743093014 CEST | 50017 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:09:49.747827053 CEST | 22781 | 50017 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:09:49.781749964 CEST | 22781 | 50017 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:09:49.781826973 CEST | 50017 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:09:49.781873941 CEST | 50017 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:09:49.782481909 CEST | 50018 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:09:49.786675930 CEST | 22781 | 50017 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:09:49.787282944 CEST | 22781 | 50018 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:09:49.787333965 CEST | 50018 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:09:49.851553917 CEST | 50018 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:09:49.856333971 CEST | 22781 | 50018 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:09:50.394187927 CEST | 22781 | 50018 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:09:50.394471884 CEST | 50018 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:09:54.930239916 CEST | 50018 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:09:54.932698965 CEST | 50019 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:09:54.935113907 CEST | 22781 | 50018 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:09:54.937534094 CEST | 22781 | 50019 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:09:54.937681913 CEST | 50019 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:09:55.030759096 CEST | 50019 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:09:55.035531998 CEST | 22781 | 50019 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:09:55.289849997 CEST | 50019 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:09:55.297247887 CEST | 22781 | 50019 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:09:55.533768892 CEST | 22781 | 50019 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:09:55.533833981 CEST | 50019 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:10:00.352444887 CEST | 50019 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:10:00.357409954 CEST | 22781 | 50019 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:10:00.357465982 CEST | 50020 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:10:00.362287045 CEST | 22781 | 50020 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:10:00.362366915 CEST | 50020 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:10:00.432243109 CEST | 50020 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:10:00.437050104 CEST | 22781 | 50020 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:10:00.789944887 CEST | 50020 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:10:00.794847965 CEST | 22781 | 50020 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:10:00.959506035 CEST | 22781 | 50020 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:10:00.959755898 CEST | 50020 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:10:05.836426020 CEST | 50020 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:10:05.839724064 CEST | 50021 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:10:05.841264963 CEST | 22781 | 50020 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:10:05.844607115 CEST | 22781 | 50021 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:10:05.844727039 CEST | 50021 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:10:06.029803038 CEST | 50021 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:10:06.034987926 CEST | 22781 | 50021 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:10:06.432492018 CEST | 22781 | 50021 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:10:06.432574034 CEST | 50021 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:10:11.315515041 CEST | 50021 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:10:11.317900896 CEST | 50022 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:10:11.320324898 CEST | 22781 | 50021 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:10:11.322726965 CEST | 22781 | 50022 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:10:11.322809935 CEST | 50022 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:10:11.405093908 CEST | 50022 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:10:11.410057068 CEST | 22781 | 50022 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:10:11.912229061 CEST | 22781 | 50022 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:10:11.912312031 CEST | 50022 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:10:11.912414074 CEST | 50022 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:10:11.913923025 CEST | 50023 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:10:11.917220116 CEST | 22781 | 50022 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:10:11.918725014 CEST | 22781 | 50023 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:10:11.918797016 CEST | 50023 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:10:11.946582079 CEST | 50023 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:10:11.951451063 CEST | 22781 | 50023 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:10:12.510632992 CEST | 22781 | 50023 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:10:12.510710955 CEST | 50023 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:10:32.040158987 CEST | 50023 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:10:32.042043924 CEST | 50035 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:10:32.045203924 CEST | 22781 | 50023 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:10:32.047333956 CEST | 22781 | 50035 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:10:32.047422886 CEST | 50035 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:10:32.096044064 CEST | 50035 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:10:32.100893974 CEST | 22781 | 50035 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:10:32.639133930 CEST | 22781 | 50035 | 167.71.56.116 | 192.168.2.7 |
Oct 18, 2024 14:10:32.639329910 CEST | 50035 | 22781 | 192.168.2.7 | 167.71.56.116 |
Oct 18, 2024 14:10:32.754971027 CEST | 50035 | 22781 | 192.168.2.7 | 167.71.56.116 |
Target ID: | 0 |
Start time: | 08:07:26 |
Start date: | 18/10/2024 |
Path: | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.1262.5931.28554.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x720000 |
File size: | 2'121'456 bytes |
MD5 hash: | 09289584ED12A81A0A2A2D6DF31DF6DA |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Reputation: | low |
Has exited: | true |
Target ID: | 1 |
Start time: | 08:07:26 |
Start date: | 18/10/2024 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x9f0000 |
File size: | 65'440 bytes |
MD5 hash: | 0D5DF43AF2916F47D00C1573797C1A13 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 10 |
Start time: | 09:18:21 |
Start date: | 18/10/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xe20000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Execution Graph
Execution Coverage: | 16.9% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0% |
Total number of Nodes: | 61 |
Total number of Limit Nodes: | 9 |
Graph
Function 012256B8 Relevance: 1.5, Strings: 1, Instructions: 281 COMMON
Function 01228390 Relevance: .3, Instructions: 332 COMMON
Function 01225F88 Relevance: .3, Instructions: 266 COMMON
Function 01227FA0 Relevance: 1.6, APIs: 1, Instructions: 130 COMMON
Function 01227999 Relevance: 1.6, APIs: 1, Instructions: 61 COMMON
Function 0122792C Relevance: 1.6, APIs: 1, Instructions: 55 COMMON
Function 01225370 Relevance: 1.5, Strings: 1, Instructions: 238 COMMON
Function 01220BA0 Relevance: .3, Instructions: 260 COMMON