Windows
Analysis Report
Payslip_October_2024_pdf.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- Payslip_October_2024_pdf.exe (PID: 6992 cmdline: "C:\Users\user\Desktop\Payslip_October_2024_pdf.exe" MD5: 00D35F16DA780121846AC5345E6FDDD5)
  - RegSvcs.exe (PID: 7040 cmdline: "C:\Users\user\Desktop\Payslip_October_2024_pdf.exe" MD5: 9D352BC46709F0CB5EC974633A0C3C94)
- sgxIb.exe (PID: 3448 cmdline: "C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe" MD5: 9D352BC46709F0CB5EC974633A0C3C94)
  - conhost.exe (PID: 2676 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- sgxIb.exe (PID: 4076 cmdline: "C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe" MD5: 9D352BC46709F0CB5EC974633A0C3C94)
  - conhost.exe (PID: 3332 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Agent Tesla, AgentTesla | A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel. |
{"Exfil Mode": "FTP", "Host": "ftp://ftp.haliza.com.my", "Username": "origin@haliza.com.my", "Password": "JesusChrist007$"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID | Detects executables referencing Windows vault credential objects. Observed in infostealers | ditekSHen | ||
MALWARE_Win_AgentTeslaV2 | AgenetTesla Type 2 Keylogger payload | ditekSHen | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
System Summary |
---|
Source: | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-11-04T03:18:17.008684+0100 | 2022930 | 1 | A Network Trojan was detected | 4.245.163.56 | 443 | 192.168.2.4 | 49735 | TCP |
2024-11-04T03:18:55.870238+0100 | 2022930 | 1 | A Network Trojan was detected | 4.245.163.56 | 443 | 192.168.2.4 | 49741 | TCP |
AV Detection |
---|
Source: | Malware Configuration Extractor: |
Source: | ReversingLabs: | |||
Source: | Virustotal: | Perma Link |
Source: | Integrated Neural Analysis Model: |
Source: | Joe Sandbox ML: |
Source: | Static PE information: |
Source: | HTTPS traffic detected: |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Code function: | 0_2_00D04696 | |
Source: | Code function: | 0_2_00D0C9C7 | |
Source: | Code function: | 0_2_00D0C93C | |
Source: | Code function: | 0_2_00D0F200 | |
Source: | Code function: | 0_2_00D0F35D | |
Source: | Code function: | 0_2_00D0F65E | |
Source: | Code function: | 0_2_00D03A2B | |
Source: | Code function: | 0_2_00D03D4E | |
Source: | Code function: | 0_2_00D0BF27 |
Networking |
---|
Source: | TCP traffic: |
Source: | TCP traffic: |
Source: | IP Address: | ||
Source: | IP Address: | ||
Source: | IP Address: |
Source: | ASN Name: |
Source: | JA3 fingerprint: |
Source: | DNS query: | ||
Source: | DNS query: |
Source: | Suricata IDS: | ||
Source: | Suricata IDS: |
Source: | FTP traffic detected: |
Source: | HTTP traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | Code function: | 0_2_00D125E2 |
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: |
Key, Mouse, Clipboard, Microphone and Screen Capturing |
---|
Source: | .Net Code: |
Source: | Windows user hook set: | Jump to behavior |
Source: | Code function: | 0_2_00D1425A |
Source: | Code function: | 0_2_00D14458 |
Source: | Code function: | 0_2_00D1425A |
Source: | Code function: | 0_2_00D00219 |
Source: | Window created: | Jump to behavior |
Source: | Code function: | 0_2_00D2CDAC |
System Summary |
---|
Source: | Matched rule: | ||
Source: | Code function: | 0_2_00CA3B4C | |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | memstr_ddce3e6e-7 | |
Source: | String found in binary or memory: | memstr_a4f4fd3e-9 | |
Source: | String found in binary or memory: | memstr_22e99797-0 | |
Source: | String found in binary or memory: | memstr_78b52efc-2 |
Source: | Static PE information: |
Source: | Code function: | 0_2_00D040B1 |
Source: | Code function: | 0_2_00CF8858 |
Source: | Code function: | 0_2_00D0545F |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Matched rule: | ||
Source: | Cryptographic APIs: | ||
Source: | Classification label: |
Source: | Code function: | 0_2_00D0A2D5 |
Source: | Code function: | 0_2_00CF8713 | |
Source: | Code function: | 0_2_00CF8CC3 |
Source: | Code function: | 0_2_00D0B59E |
Source: | Code function: | 0_2_00D1F121 |
Source: | Code function: | 0_2_00D186D0 |
Source: | Code function: | 0_2_00CA4FE9 |
Source: | File created: | Jump to behavior |
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | Static PE information: |
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | ReversingLabs: | ||
Source: | Virustotal: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Source: | Window detected: |
Source: | File opened: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Static file information: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Code function: | 0_2_00D1C304 |
Source: | File created: | Jump to dropped file |
Source: | Registry value created or modified: | Jump to behavior | ||
Source: | Registry value created or modified: | Jump to behavior |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | File opened: | Jump to behavior |
Source: | Code function: | 0_2_00CA4A35 | |
Source: | Code function: | 0_2_00D255FD |
Source: | Code function: | 0_2_00CC33C7 |
Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion |
---|
Source: | WMI Queries: |
Source: | API/Special instruction interceptor: |
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | API coverage: |
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | WMI Queries: |
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Source: | Code function: | 0_2_00D04696 | |
Source: | Code function: | 0_2_00D0C9C7 | |
Source: | Code function: | 0_2_00D0C93C | |
Source: | Code function: | 0_2_00D0F200 | |
Source: | Code function: | 0_2_00D0F35D | |
Source: | Code function: | 0_2_00D0F65E | |
Source: | Code function: | 0_2_00D03A2B | |
Source: | Code function: | 0_2_00D03D4E | |
Source: | Code function: | 0_2_00D0BF27 |
Source: | Code function: | 0_2_00CA4AFE |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Binary or memory string: |
Source: | API call chain: | graph_0-98230 |
Source: | Code function: | 0_2_00D141FD |
Source: | Code function: | 0_2_00CA3B4C |
Source: | Code function: | 0_2_00CD5CCC |
Source: | Code function: | 0_2_00D1C304 |
Source: | Code function: | 0_2_0130B280 | |
Source: | Code function: | 0_2_0130B2E0 | |
Source: | Code function: | 0_2_01309C20 |
Source: | Code function: | 0_2_00CF81F7 |
Source: | Code function: | 0_2_00CCA395 | |
Source: | Code function: | 0_2_00CCA364 |
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Section loaded: | Jump to behavior |
Source: | Memory written: | Jump to behavior |
Source: | Code function: | 0_2_00CF8C93 |
Source: | Code function: | 0_2_00CA3B4C |
Source: | Code function: | 0_2_00CA4A35 |
Source: | Code function: | 0_2_00D04EC9 |
Source: | Process created: | Jump to behavior |
Source: | Code function: | 0_2_00CF81F7 |
Source: | Code function: | 0_2_00D04C03 |
Source: | Binary or memory string: | ||
Source: | Code function: | 0_2_00CC886B |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Code function: | 0_2_00CD50D7 |
Source: | Code function: | 0_2_00CE2230 |
Source: | Code function: | 0_2_00CD418A |
Source: | Code function: | 0_2_00CA4AFE |
Source: | Key value queried: | Jump to behavior |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | Key opened: | Jump to behavior |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | File source: | ||
Remote Access Functionality |
---|
Source: | File source: | ||
Source: | Code function: | 0_2_00D16596 | |
Source: | Code function: | 0_2_00D16A5A |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | 2 Valid Accounts | 121 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 11 Disable or Modify Tools | 2 OS Credential Dumping | 2 System Time Discovery | Remote Services | 11 Archive Collected Data | 2 Ingress Tool Transfer | 1 Exfiltration Over Alternative Protocol | 1 System Shutdown/Reboot |
Credentials | Domains | Default Accounts | 1 Native API | 2 Valid Accounts | 1 DLL Side-Loading | 11 Deobfuscate/Decode Files or Information | 221 Input Capture | 1 Account Discovery | Remote Desktop Protocol | 2 Data from Local System | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | 1 Registry Run Keys / Startup Folder | 2 Valid Accounts | 2 Obfuscated Files or Information | 1 Credentials in Registry | 2 File and Directory Discovery | SMB/Windows Admin Shares | 1 Email Collection | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 21 Access Token Manipulation | 1 DLL Side-Loading | NTDS | 138 System Information Discovery | Distributed Component Object Model | 221 Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 212 Process Injection | 1 Masquerading | LSA Secrets | 241 Security Software Discovery | SSH | 4 Clipboard Data | 23 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 1 Registry Run Keys / Startup Folder | 2 Valid Accounts | Cached Domain Credentials | 141 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 141 Virtualization/Sandbox Evasion | DCSync | 2 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 21 Access Token Manipulation | Proc Filesystem | 11 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 212 Process Injection | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 1 Hidden Files and Directories | Network Sniffing | 1 System Network Configuration Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
29% | ReversingLabs | Win32.Trojan.AutoitInject | ||
20% | Virustotal | Browse | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | ReversingLabs | |||
0% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
1% | Virustotal | Browse |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
api.ipify.org | 104.26.13.205 | true | false | | unknown |
ftp.haliza.com.my | 110.4.45.197 | true | true | | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false |
| unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
110.4.45.197 | ftp.haliza.com.my | Malaysia | | 46015 | EXABYTES-AS-APExaBytesNetworkSdnBhdMY | true |
104.26.13.205 | api.ipify.org | United States | | 13335 | CLOUDFLARENETUS | false |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1548160 |
Start date and time: | 2024-11-04 03:17:08 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 8m 26s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 10 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Payslip_October_2024_pdf.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@7/8@2/2 |
EGA Information: |
HCA Information: |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Execution Graph export aborted for target sgxIb.exe, PID 3448 because it is empty
- Execution Graph export aborted for target sgxIb.exe, PID 4076 because it is empty
- Not all processes were analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size exceeded maximum capacity and may have missing disassembly code.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
Time | Type | Description |
---|---|---|
02:18:02 | Autostart | |
02:18:10 | Autostart | |
21:17:59 | API Interceptor |
Match | Detection | Threat Name |
---|---|---|
110.4.45.197 | malicious | AgentTesla |
110.4.45.197 | malicious | AgentTesla |
110.4.45.197 | malicious | AgentTesla, DBatLoader, PureLog Stealer |
110.4.45.197 | malicious | AgentTesla, PureLog Stealer |
110.4.45.197 | malicious | AgentTesla, PureLog Stealer |
110.4.45.197 | malicious | AgentTesla |
110.4.45.197 | malicious | AgentTesla |
110.4.45.197 | malicious | AgentTesla |
110.4.45.197 | malicious | AgentTesla |
110.4.45.197 | malicious | AgentTesla |
104.26.13.205 | malicious | Unknown |
104.26.13.205 | malicious | LummaC, PrivateLoader, Stealc, Vidar |
104.26.13.205 | malicious | LummaC, PrivateLoader, Stealc, Vidar |
104.26.13.205 | malicious | RDPWrap Tool |
104.26.13.205 | malicious | Node Stealer |
104.26.13.205 | malicious | LummaC, PrivateLoader, Stealc, Vidar |
104.26.13.205 | malicious | LummaC, RDPWrap Tool, LummaC Stealer, Vidar |
104.26.13.205 | malicious | Unknown |
104.26.13.205 | malicious | LummaC, RDPWrap Tool, LummaC Stealer, Stealc, Vidar |
104.26.13.205 | malicious | LummaC, RDPWrap Tool, LummaC Stealer, Vidar |
Match | Detection | Threat Name |
---|---|---|
api.ipify.org | malicious | Quasar |
api.ipify.org | malicious | Quasar |
api.ipify.org | malicious | Kronos, Strela Stealer |
api.ipify.org | malicious | AgentTesla |
api.ipify.org | malicious | LummaC |
api.ipify.org | malicious | CredGrabber, Meduza Stealer |
api.ipify.org | malicious | CredGrabber, Meduza Stealer |
api.ipify.org | malicious | CredGrabber, Meduza Stealer |
api.ipify.org | malicious | CredGrabber, Meduza Stealer |
api.ipify.org | malicious | CredGrabber, Meduza Stealer |
ftp.haliza.com.my | malicious | AgentTesla |
ftp.haliza.com.my | malicious | AgentTesla |
ftp.haliza.com.my | malicious | AgentTesla, DBatLoader, PureLog Stealer |
ftp.haliza.com.my | malicious | AgentTesla, PureLog Stealer |
ftp.haliza.com.my | malicious | AgentTesla, PureLog Stealer |
ftp.haliza.com.my | malicious | AgentTesla |
ftp.haliza.com.my | malicious | AgentTesla |
ftp.haliza.com.my | malicious | AgentTesla |
ftp.haliza.com.my | malicious | AgentTesla |
ftp.haliza.com.my | malicious | AgentTesla |
Match | Detection | Threat Name |
---|---|---|
EXABYTES-AS-APExaBytesNetworkSdnBhdMY | malicious | HTMLPhisher, Mamba2FA |
EXABYTES-AS-APExaBytesNetworkSdnBhdMY | malicious | AgentTesla |
EXABYTES-AS-APExaBytesNetworkSdnBhdMY | malicious | AgentTesla |
EXABYTES-AS-APExaBytesNetworkSdnBhdMY | malicious | AgentTesla, DBatLoader, PureLog Stealer |
EXABYTES-AS-APExaBytesNetworkSdnBhdMY | malicious | AgentTesla, PureLog Stealer |
EXABYTES-AS-APExaBytesNetworkSdnBhdMY | malicious | AgentTesla, PureLog Stealer |
EXABYTES-AS-APExaBytesNetworkSdnBhdMY | malicious | AgentTesla |
EXABYTES-AS-APExaBytesNetworkSdnBhdMY | malicious | AgentTesla |
EXABYTES-AS-APExaBytesNetworkSdnBhdMY | malicious | Mirai |
EXABYTES-AS-APExaBytesNetworkSdnBhdMY | malicious | Snake Keylogger, VIP Keylogger |
CLOUDFLARENETUS | malicious | LummaC, Stealc, Vidar |
CLOUDFLARENETUS | malicious | Unknown |
CLOUDFLARENETUS | malicious | LummaC |
CLOUDFLARENETUS | malicious | LummaC, Amadey, Credential Flusher, Stealc, Vidar |
CLOUDFLARENETUS | malicious | LummaC |
CLOUDFLARENETUS | malicious | LummaC |
CLOUDFLARENETUS | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc |
CLOUDFLARENETUS | malicious | LummaC |
CLOUDFLARENETUS | malicious | LummaC |
CLOUDFLARENETUS | malicious | Quasar |
Match | Detection | Threat Name |
---|---|---|
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Quasar |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Quasar |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Kronos, Strela Stealer |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Unknown |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Unknown |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Unknown |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Unknown |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | MassLogger RAT, PureLog Stealer |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | MassLogger RAT |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | AgentTesla |
Match | Detection | Threat Name |
---|---|---|
C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe | malicious | AgentTesla |
C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe | malicious | AgentTesla |
C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe | malicious | AgentTesla, PureLog Stealer |
C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe | malicious | AgentTesla, PureLog Stealer |
C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe | malicious | PureLog Stealer, XWorm |
C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe | malicious | AgentTesla, MassLogger RAT, Phoenix Stealer, RedLine, SugarDump, XWorm |
C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe | malicious | XWorm |
C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe | malicious | AgentTesla |
C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe | malicious | XWorm |
C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe | malicious | AgentTesla |
Process: | C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe |
File Type: | |
Category: | modified |
Size (bytes): | 142 |
Entropy (8bit): | 5.090621108356562 |
Encrypted: | false |
SSDEEP: | 3:QHXMKa/xwwUC7WglAFXMWA2yTMGfsbNRLFS9Am12MFuAvOAsDeieVyn:Q3La/xwczlAFXMWTyAGCDLIP12MUAvvw |
MD5: | 8C0458BB9EA02D50565175E38D577E35 |
SHA1: | F0B50702CD6470F3C17D637908F83212FDBDB2F2 |
SHA-256: | C578E86DB701B9AFA3626E804CF434F9D32272FF59FB32FA9A51835E5A148B53 |
SHA-512: | 804A47494D9A462FFA6F39759480700ECBE5A7F3A15EC3A6330176ED9C04695D2684BF6BF85AB86286D52E7B727436D0BB2E8DA96E20D47740B5CE3F856B5D0F |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\Payslip_October_2024_pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 247808 |
Entropy (8bit): | 6.593522272161814 |
Encrypted: | false |
SSDEEP: | 6144:NL7BlKuUiMR2sjQKyur08nduiuNkZZY2JJdWQfChMp:RKuUR22Qby7awY2JJsQfjp |
MD5: | FCD81729D3071AA4CC13458527164E17 |
SHA1: | 6976514B16DCE09C6B7A7F4B1DBEC57626069DE0 |
SHA-256: | 280AFFD9DBAA6337F928A82D5AFC3858C016AD7E2397FD6C1288998C30379106 |
SHA-512: | 0A4872730939064F55BC6131077B2C80729866AB5E45CB4AC30B0B38FDEA1C5E64FFCCEA79A32129AA66C8C1E51B32FA33CA821561E81C36898AEEA9A061612B |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\Payslip_October_2024_pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 147848 |
Entropy (8bit): | 7.746158111293982 |
Encrypted: | false |
SSDEEP: | 3072:7aatt9pV52FuV09Gs6O4UnMoYftaA9HRkhLo7mVpg43EMwYAhMiKDw:btLpeF0bsf4UyUgkhDjwlhMi5 |
MD5: | F1F24A47830E45355A1E65067955A01B |
SHA1: | E3F47B573D165ABE6EF5BDDDD05457D9088F3399 |
SHA-256: | 2627A92F94D4D5B1FD2EB7C31907AEFE4E88062B74682FFDAC7A5400E84C64A0 |
SHA-512: | C5ABC1E243ADBCDA2AAD7FC3043241C11BE201B2A9F31B3E4C201404A5C5D7FB3CEC92AEBFD5A90C99FFE2BA1D0D051E0A2B4C9A82EFEAEBFE4862C548A5ADE7 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\Payslip_October_2024_pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 14626 |
Entropy (8bit): | 7.628279387899238 |
Encrypted: | false |
SSDEEP: | 384:FTYznwBBBovI7dbhz2j6ovJO2CKLWGQfke:FAwrBoQphAvVCaWGQ8e |
MD5: | 94F1BCC63F338526EC63D6A485BBF2B9 |
SHA1: | DE119C631DB918053E24D6F77AE18C3F53C7117E |
SHA-256: | D100FB43AE7C36ADC183FA18AA9CBC6B31A2D443253572358B8BDCB1906F5696 |
SHA-512: | 782750092FE5D8819E46A18379A483B02B9D0D0E0C8F90B6E662363099B67D75CCE7741CDE17428BEB12551B65068ADAAA0C65942F4976A9D35D3A985E26ED07 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\Payslip_October_2024_pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 143378 |
Entropy (8bit): | 2.839995272221263 |
Encrypted: | false |
SSDEEP: | 192:en/SvruYYXdqqWTConto9/W+PW5xoULoN/WtzWmPzNW/YKM2nRSn1Dq/M1WShL1o:W |
MD5: | 3FABDCBB34347304FBBBFBD5A93C88F5 |
SHA1: | 555F7436B396917930D023D0928130B1DC8BE371 |
SHA-256: | 8121B269549C6F19E161CBEB3F9EBA1D7A82D6938467666D7FE98F0C664A6E1E |
SHA-512: | 1E09C9591DAAC80A33C957D7346E715B79E949D24D9C914C6F2837AC1EBE1210A9612D3A98E0D6A1F431CC8FD8E7C6320C606F8D50A880AD392E50B87DEB0DE6 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
File Type: | |
Category: | modified |
Size (bytes): | 45984 |
Entropy (8bit): | 6.16795797263964 |
Encrypted: | false |
SSDEEP: | 768:4BbSoy+SdIBf0k2dsjYg6Iq8S1GYqWH8BR:noOIBf0ddsjY/ZGyc7 |
MD5: | 9D352BC46709F0CB5EC974633A0C3C94 |
SHA1: | 1969771B2F022F9A86D77AC4D4D239BECDF08D07 |
SHA-256: | 2C1EEB7097023C784C2BD040A2005A5070ED6F3A4ABF13929377A9E39FAB1390 |
SHA-512: | 13C714244EC56BEEB202279E4109D59C2A43C3CF29F90A374A751C04FD472B45228CA5A0178F41109ED863DBD34E0879E4A21F5E38AE3D89559C57E6BE990A9B |
Malicious: | false |
Antivirus: |
Joe Sandbox View: |
Preview: |
Process: | C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1141 |
Entropy (8bit): | 4.442398121585593 |
Encrypted: | false |
SSDEEP: | 24:zKLXkhDObntKlglUEnfQtvNuNpKOK5aM9YJC:zKL0hDQntKKH1MqJC |
MD5: | 6FB4D27A716A8851BC0505666E7C7A10 |
SHA1: | AD2A232C6E709223532C4D1AB892303273D8C814 |
SHA-256: | 1DC36F296CE49BDF1D560B527DB06E1E9791C10263459A67EACE706C6DDCDEAE |
SHA-512: | 3192095C68C6B7AD94212B7BCA0563F2058BCE00C0C439B90F0E96EA2F029A37C2F2B69487591B494C1BA54697FE891E214582E392127CB8C90AB682E0D81ADB |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 6.9557395199478105 |
TrID: |
File name: | Payslip_October_2024_pdf.exe |
File size: | 1'317'888 bytes |
MD5: | 00d35f16da780121846ac5345e6fddd5 |
SHA1: | dc1610ef8a4f55cccf4ebabd3517b9b5706ff262 |
SHA256: | 30f53c188f4ca288bab139778eb5426ee3db92ddc779c8df149b501334dd8dbb |
SHA512: | 87c4f25ac6c9db33b933d3873fba2212751707da4f31b20cfaa67e6bd5b6fb8d3a3a938deed44e5bfed7219070a1f09d7fc24cd1ed63c41302ed90a49e7d9aac |
SSDEEP: | 24576:pAHnh+eWsN3skA4RV1Hom2KXFmIa89tlB5Rg0V7kZ5:wh+ZkldoPK1Xa8/j5RgyG |
TLSH: | 6855BE026B9C9065FFAAA1339B25E22647787D65537384AF33D81D7B78742F1123E232 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........s..R...R...R....C..P.....;.S..._@#.a..._@......_@..g...[j..[...[jo.w...R...r.............#.S..._@'.S...R.k.S.....".S...RichR.. |
Icon Hash: | c58ee08c9594cd55 |
Entrypoint: | 0x42800a |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x6728039C [Sun Nov 3 23:13:32 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 1 |
File Version Major: | 5 |
File Version Minor: | 1 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 1 |
Import Hash: | afcdf79be1557326c854b6e20cb900a7 |
Instruction |
---|
call 00007FF780E8231Dh |
jmp 00007FF780E750D4h |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
push edi |
push esi |
mov esi, dword ptr [esp+10h] |
mov ecx, dword ptr [esp+14h] |
mov edi, dword ptr [esp+0Ch] |
mov eax, ecx |
mov edx, ecx |
add eax, esi |
cmp edi, esi |
jbe 00007FF780E7525Ah |
cmp edi, eax |
jc 00007FF780E755BEh |
bt dword ptr [004C41FCh], 01h |
jnc 00007FF780E75259h |
rep movsb |
jmp 00007FF780E7556Ch |
cmp ecx, 00000080h |
jc 00007FF780E75424h |
mov eax, edi |
xor eax, esi |
test eax, 0000000Fh |
jne 00007FF780E75260h |
bt dword ptr [004BF324h], 01h |
jc 00007FF780E75730h |
bt dword ptr [004C41FCh], 00000000h |
jnc 00007FF780E753FDh |
test edi, 00000003h |
jne 00007FF780E7540Eh |
test esi, 00000003h |
jne 00007FF780E753EDh |
bt edi, 02h |
jnc 00007FF780E7525Fh |
mov eax, dword ptr [esi] |
sub ecx, 04h |
lea esi, dword ptr [esi+04h] |
mov dword ptr [edi], eax |
lea edi, dword ptr [edi+04h] |
bt edi, 03h |
jnc 00007FF780E75263h |
movq xmm1, qword ptr [esi] |
sub ecx, 08h |
lea esi, dword ptr [esi+08h] |
movq qword ptr [edi], xmm1 |
lea edi, dword ptr [edi+08h] |
test esi, 00000007h |
je 00007FF780E752B5h |
bt esi, 03h |
Programming Language: |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xbc0cc | 0x17c | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc8000 | 0x77574 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x140000 | 0x7134 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x92bc0 | 0x1c | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xa4b50 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8f000 | 0x884 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x8dfdd | 0x8e000 | 310e36668512d53489c005622bb1b4a9 | False | 0.5735602580325704 | data | 6.675248351711057 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x8f000 | 0x2fd8e | 0x2fe00 | f006ab74d3c653b5c5a6cc0c77a171a2 | False | 0.32829838446475196 | data | 5.7632462979925245 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xbf000 | 0x8f74 | 0x5200 | aae9601d920f07080bdfadf43dfeff12 | False | 0.1017530487804878 | data | 1.1963819235530628 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0xc8000 | 0x77574 | 0x77600 | ffcb9236380a978ace1986ad27d17d80 | False | 0.6692408376963351 | data | 7.204904665133997 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x140000 | 0x7134 | 0x7200 | f04128ad0f87f42830e4a6cdbc38c719 | False | 0.7617530153508771 | data | 6.783955557128661 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0xc8650 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | Great Britain | 0.5150709219858156 |
RT_ICON | 0xc8ab8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135 |
RT_ICON | 0xc8be0 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | Great Britain | 0.37682926829268293 |
RT_ICON | 0xc9248 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | Great Britain | 0.478494623655914 |
RT_ICON | 0xc9530 | 0x1e8 | Device independent bitmap graphic, 24 x 48 x 4, image size 288 | English | Great Britain | 0.514344262295082 |
RT_ICON | 0xc9718 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | Great Britain | 0.49324324324324326 |
RT_ICON | 0xc9840 | 0x6ed1 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | Great Britain | 0.9985195107335472 |
RT_ICON | 0xd0714 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | Great Britain | 0.570362473347548 |
RT_ICON | 0xd15bc | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | Great Britain | 0.6430505415162455 |
RT_ICON | 0xd1e64 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | English | Great Britain | 0.5616359447004609 |
RT_ICON | 0xd252c | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | Great Britain | 0.4125722543352601 |
RT_ICON | 0xd2a94 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | English | Great Britain | 0.13950668401750857 |
RT_ICON | 0xe32bc | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 38016 | English | Great Britain | 0.22774332562539415 |
RT_ICON | 0xec764 | 0x67e8 | Device independent bitmap graphic, 80 x 160 x 32, image size 26560 | English | Great Britain | 0.23240601503759398 |
RT_ICON | 0xf2f4c | 0x5488 | Device independent bitmap graphic, 72 x 144 x 32, image size 21600 | English | Great Britain | 0.25914972273567466 |
RT_ICON | 0xf83d4 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | Great Britain | 0.24728389230042513 |
RT_ICON | 0xfc5fc | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | Great Britain | 0.3354771784232365 |
RT_ICON | 0xfeba4 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | Great Britain | 0.3778142589118199 |
RT_STRING | 0xffc4c | 0x594 | data | English | Great Britain | 0.3333333333333333 |
RT_STRING | 0x1001e0 | 0x68a | data | English | Great Britain | 0.2747909199522103 |
RT_STRING | 0x10086c | 0x490 | data | English | Great Britain | 0.3715753424657534 |
RT_STRING | 0x100cfc | 0x5fc | data | English | Great Britain | 0.3087467362924282 |
RT_STRING | 0x1012f8 | 0x65c | data | English | Great Britain | 0.34336609336609336 |
RT_STRING | 0x101954 | 0x466 | data | English | Great Britain | 0.3605683836589698 |
RT_STRING | 0x101dbc | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186 |
RT_RCDATA | 0x101f14 | 0x3d07a | data | 1.0003440302746642 | ||
RT_GROUP_ICON | 0x13ef90 | 0x102 | data | English | Great Britain | 0.6124031007751938 |
RT_GROUP_ICON | 0x13f094 | 0x14 | data | English | Great Britain | 1.15 |
RT_VERSION | 0x13f0a8 | 0xdc | data | English | Great Britain | 0.6181818181818182 |
RT_MANIFEST | 0x13f184 | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823 |
DLL | Import |
---|---|
WSOCK32.dll | WSACleanup, socket, inet_ntoa, setsockopt, ntohs, recvfrom, ioctlsocket, htons, WSAStartup, __WSAFDIsSet, select, accept, listen, bind, closesocket, WSAGetLastError, recv, sendto, send, inet_addr, gethostbyname, gethostname, connect |
VERSION.dll | GetFileVersionInfoW, GetFileVersionInfoSizeW, VerQueryValueW |
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW |
COMCTL32.dll | ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create |
MPR.dll | WNetUseConnectionW, WNetCancelConnection2W, WNetGetConnectionW, WNetAddConnection2W |
WININET.dll | InternetQueryDataAvailable, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, HttpOpenRequestW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetConnectW |
PSAPI.DLL | GetProcessMemoryInfo |
IPHLPAPI.DLL | IcmpCreateFile, IcmpCloseHandle, IcmpSendEcho |
USERENV.dll | DestroyEnvironmentBlock, UnloadUserProfile, CreateEnvironmentBlock, LoadUserProfileW |
UxTheme.dll | IsThemeActive |
KERNEL32.dll | DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, SetCurrentDirectoryW, GetLongPathNameW, GetShortPathNameW, DeleteFileW, FindNextFileW, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, FindResourceW, LoadResource, LockResource, SizeofResource, EnumResourceNamesW, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, GetLocalTime, CompareStringW, GetCurrentProcess, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, LoadLibraryW, VirtualAlloc, IsDebuggerPresent, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, GetCurrentThread, CloseHandle, GetFullPathNameW, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, GetSystemTimeAsFileTime, ResumeThread, GetCommandLineW, IsProcessorFeaturePresent, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, SetLastError, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetStartupInfoW, GetStringTypeW, SetStdHandle, GetFileType, GetConsoleCP, GetConsoleMode, RtlUnwind, ReadConsoleW, GetTimeZoneInformation, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetEnvironmentStringsW, FreeEnvironmentStringsW, WriteConsoleW, FindClose, SetEnvironmentVariableA |
USER32.dll | AdjustWindowRectEx, CopyImage, SetWindowPos, GetCursorInfo, RegisterHotKey, ClientToScreen, GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, MonitorFromPoint, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, CreateIconFromResourceEx, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, TrackPopupMenuEx, GetCursorPos, DeleteMenu, SetRect, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, MonitorFromRect, keybd_event, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, ScreenToClient, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, GetMessageW, LockWindowUpdate, DispatchMessageW, TranslateMessage, PeekMessageW, UnregisterHotKey, CheckMenuRadioItem, CharLowerBuffW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, SystemParametersInfoW, LoadImageW, GetClassNameW |
GDI32.dll | StrokePath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, GetDeviceCaps, EndPath, SetPixel, CloseFigure, CreateCompatibleBitmap, CreateCompatibleDC, SelectObject, StretchBlt, GetDIBits, LineTo, AngleArc, MoveToEx, Ellipse, DeleteDC, GetPixel, CreateDCW, GetStockObject, GetTextFaceW, CreateFontW, SetTextColor, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, CreateSolidBrush, StrokeAndFillPath |
COMDLG32.dll | GetOpenFileNameW, GetSaveFileNameW |
ADVAPI32.dll | GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, RegCreateKeyExW, FreeSid, GetTokenInformation, GetSecurityDescriptorDacl, GetAclInformation, AddAce, SetSecurityDescriptorDacl, GetUserNameW, InitiateSystemShutdownExW |
SHELL32.dll | DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW, DragFinish |
ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoSetProxyBlanket, CoCreateInstanceEx, CoInitializeSecurity |
OLEAUT32.dll | LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, SafeArrayDestroyDescriptor, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, RegisterTypeLib, CreateStdDispatch, DispCallFunc, VariantChangeType, SysStringLen, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, VariantCopy, VariantClear, OleLoadPicture, QueryPathOfRegTypeLib, RegisterTypeLibForUser, UnRegisterTypeLibForUser, UnRegisterTypeLib, CreateDispTypeInfo, SysAllocString, VariantInit |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | Great Britain |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-11-04T03:18:17.008684+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 4.245.163.56 | 443 | 192.168.2.4 | 49735 | TCP |
2024-11-04T03:18:55.870238+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 4.245.163.56 | 443 | 192.168.2.4 | 49741 | TCP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Nov 4, 2024 03:20:32.716398954 CET | 63088 | 50015 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:32.716415882 CET | 50015 | 63088 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:32.716429949 CET | 63088 | 50015 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:32.716439009 CET | 63088 | 50015 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:32.716458082 CET | 50015 | 63088 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:32.716567993 CET | 63088 | 50015 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:32.721206903 CET | 63088 | 50015 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:32.721353054 CET | 63088 | 50015 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:32.721363068 CET | 63088 | 50015 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:32.721405029 CET | 63088 | 50015 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:32.721443892 CET | 63088 | 50015 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:32.721452951 CET | 63088 | 50015 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:32.722033978 CET | 63088 | 50015 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:32.722157001 CET | 50015 | 63088 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:32.755713940 CET | 50012 | 21 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:33.504400015 CET | 21 | 50012 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:33.552584887 CET | 50012 | 21 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:34.089971066 CET | 50012 | 21 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:34.094872952 CET | 21 | 50012 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:34.428487062 CET | 21 | 50012 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:34.429295063 CET | 50016 | 56050 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:34.434227943 CET | 56050 | 50016 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:34.434293032 CET | 50016 | 56050 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:34.434381962 CET | 50012 | 21 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:34.439131021 CET | 21 | 50012 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:35.348653078 CET | 21 | 50012 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:35.356096983 CET | 50016 | 56050 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:35.361071110 CET | 56050 | 50016 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:35.361082077 CET | 56050 | 50016 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:35.361098051 CET | 56050 | 50016 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:35.361105919 CET | 56050 | 50016 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:35.361171007 CET | 56050 | 50016 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:35.361180067 CET | 56050 | 50016 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:35.361190081 CET | 56050 | 50016 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:35.361196041 CET | 50016 | 56050 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:35.361215115 CET | 56050 | 50016 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:35.361238956 CET | 50016 | 56050 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:35.361239910 CET | 56050 | 50016 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:35.361249924 CET | 56050 | 50016 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:35.361290932 CET | 50016 | 56050 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:35.366038084 CET | 56050 | 50016 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:35.366107941 CET | 56050 | 50016 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:35.366132975 CET | 50016 | 56050 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:35.366168976 CET | 56050 | 50016 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:35.366178989 CET | 56050 | 50016 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:35.366204023 CET | 56050 | 50016 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:35.366214037 CET | 56050 | 50016 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:35.366225958 CET | 50016 | 56050 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:35.366245031 CET | 50016 | 56050 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:35.366369963 CET | 56050 | 50016 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:35.366370916 CET | 50016 | 56050 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:35.366409063 CET | 56050 | 50016 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:35.366417885 CET | 56050 | 50016 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:35.366463900 CET | 50016 | 56050 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:35.366662025 CET | 50016 | 56050 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:35.367180109 CET | 56050 | 50016 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:35.368164062 CET | 50016 | 56050 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:35.371015072 CET | 56050 | 50016 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:35.371073961 CET | 56050 | 50016 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:35.371167898 CET | 56050 | 50016 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:35.371206045 CET | 56050 | 50016 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:35.371300936 CET | 56050 | 50016 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:35.371336937 CET | 50016 | 56050 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:35.371428967 CET | 56050 | 50016 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:35.371592999 CET | 56050 | 50016 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:35.371622086 CET | 56050 | 50016 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:35.373017073 CET | 56050 | 50016 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:35.373068094 CET | 56050 | 50016 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:35.373078108 CET | 56050 | 50016 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:35.376189947 CET | 56050 | 50016 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:35.376737118 CET | 56050 | 50016 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:35.376818895 CET | 50016 | 56050 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:35.400358915 CET | 50012 | 21 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:36.141731977 CET | 21 | 50012 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:36.302604914 CET | 50012 | 21 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:41.856981039 CET | 50012 | 21 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:41.862052917 CET | 21 | 50012 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:42.196470022 CET | 21 | 50012 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:42.196964979 CET | 50017 | 61005 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:42.201931000 CET | 61005 | 50017 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:42.202016115 CET | 50017 | 61005 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:42.202080965 CET | 50012 | 21 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:42.206846952 CET | 21 | 50012 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:43.125343084 CET | 21 | 50012 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:43.125730038 CET | 50017 | 61005 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:43.130729914 CET | 61005 | 50017 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:43.130742073 CET | 61005 | 50017 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:43.130752087 CET | 61005 | 50017 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:43.130769014 CET | 61005 | 50017 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:43.130779028 CET | 61005 | 50017 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:43.130815983 CET | 50017 | 61005 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:43.130891085 CET | 61005 | 50017 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:43.130891085 CET | 50017 | 61005 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:43.130903006 CET | 61005 | 50017 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:43.130923033 CET | 61005 | 50017 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:43.130932093 CET | 61005 | 50017 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:43.130959988 CET | 61005 | 50017 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:43.130965948 CET | 50017 | 61005 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:43.131225109 CET | 50017 | 61005 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:43.135737896 CET | 61005 | 50017 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:43.135747910 CET | 61005 | 50017 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:43.135765076 CET | 61005 | 50017 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:43.135773897 CET | 61005 | 50017 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:43.135827065 CET | 61005 | 50017 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:43.135835886 CET | 61005 | 50017 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:43.135840893 CET | 61005 | 50017 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:43.135885000 CET | 50017 | 61005 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:43.135965109 CET | 61005 | 50017 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:43.135966063 CET | 50017 | 61005 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:43.135989904 CET | 61005 | 50017 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:43.136017084 CET | 61005 | 50017 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:43.136028051 CET | 50017 | 61005 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:43.136060953 CET | 61005 | 50017 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:43.136112928 CET | 61005 | 50017 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:43.140954971 CET | 61005 | 50017 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:43.141020060 CET | 61005 | 50017 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:43.141030073 CET | 61005 | 50017 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:43.141068935 CET | 61005 | 50017 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:43.141078949 CET | 61005 | 50017 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:43.141088963 CET | 61005 | 50017 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:43.141138077 CET | 61005 | 50017 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:43.141146898 CET | 61005 | 50017 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:43.141163111 CET | 61005 | 50017 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:43.141172886 CET | 61005 | 50017 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:43.141488075 CET | 61005 | 50017 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:43.141602993 CET | 50017 | 61005 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:43.208873987 CET | 50012 | 21 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:43.943413019 CET | 21 | 50012 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:44.099498034 CET | 50012 | 21 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:49.651529074 CET | 50012 | 21 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:49.656517982 CET | 21 | 50012 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:49.993482113 CET | 21 | 50012 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:49.993912935 CET | 50018 | 50419 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:49.998790979 CET | 50419 | 50018 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:49.998975992 CET | 50018 | 50419 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:49.999036074 CET | 50012 | 21 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:50.004196882 CET | 21 | 50012 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:50.259171963 CET | 50019 | 21 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:50.264075041 CET | 21 | 50019 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:50.264147043 CET | 50019 | 21 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:50.922800064 CET | 21 | 50012 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:50.923212051 CET | 50018 | 50419 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:50.928251982 CET | 50419 | 50018 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:50.928278923 CET | 50419 | 50018 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:50.928292036 CET | 50419 | 50018 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:50.928303957 CET | 50419 | 50018 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:50.928318024 CET | 50419 | 50018 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:50.928344011 CET | 50018 | 50419 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:50.928407907 CET | 50419 | 50018 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:50.928415060 CET | 50018 | 50419 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:50.928438902 CET | 50419 | 50018 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:50.928452969 CET | 50419 | 50018 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:50.928466082 CET | 50018 | 50419 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:50.928468943 CET | 50419 | 50018 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:50.928529024 CET | 50018 | 50419 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:50.928530931 CET | 50419 | 50018 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:50.928595066 CET | 50018 | 50419 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:50.933312893 CET | 50419 | 50018 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:50.933327913 CET | 50419 | 50018 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:50.933353901 CET | 50419 | 50018 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:50.933367014 CET | 50419 | 50018 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:50.933374882 CET | 50018 | 50419 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:50.933381081 CET | 50419 | 50018 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:50.933393955 CET | 50419 | 50018 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:50.933394909 CET | 50018 | 50419 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:50.933406115 CET | 50419 | 50018 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:50.933410883 CET | 50018 | 50419 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:50.933428049 CET | 50018 | 50419 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:50.933450937 CET | 50018 | 50419 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:50.933466911 CET | 50419 | 50018 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:50.933468103 CET | 50018 | 50419 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:50.933568954 CET | 50018 | 50419 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:50.933641911 CET | 50419 | 50018 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:50.933734894 CET | 50419 | 50018 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:50.938235998 CET | 50419 | 50018 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:50.938252926 CET | 50419 | 50018 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:50.938318014 CET | 50419 | 50018 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:50.938357115 CET | 50419 | 50018 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:50.938416958 CET | 50419 | 50018 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:50.938446999 CET | 50419 | 50018 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:50.952127934 CET | 50419 | 50018 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:50.953129053 CET | 50419 | 50018 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:50.953243017 CET | 50018 | 50419 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:51.005768061 CET | 50012 | 21 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:51.175448895 CET | 21 | 50019 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:51.175669909 CET | 50019 | 21 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:51.180450916 CET | 21 | 50019 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:51.514296055 CET | 21 | 50019 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:51.514481068 CET | 50019 | 21 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:51.519285917 CET | 21 | 50019 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:51.717180967 CET | 21 | 50012 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:51.817967892 CET | 50012 | 21 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:51.877754927 CET | 21 | 50019 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:51.877940893 CET | 50019 | 21 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:51.882777929 CET | 21 | 50019 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:52.217931986 CET | 21 | 50019 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:52.220360994 CET | 50019 | 21 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:52.225763083 CET | 21 | 50019 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:52.561513901 CET | 21 | 50019 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:52.561686039 CET | 50019 | 21 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:52.566508055 CET | 21 | 50019 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:52.967544079 CET | 21 | 50019 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:52.972117901 CET | 50019 | 21 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:52.976949930 CET | 21 | 50019 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:53.311351061 CET | 21 | 50019 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:53.312947035 CET | 50020 | 59184 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:53.317770004 CET | 59184 | 50020 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:53.317862988 CET | 50020 | 59184 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:53.317908049 CET | 50019 | 21 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:53.322654009 CET | 21 | 50019 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:54.265178919 CET | 21 | 50019 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:54.265470028 CET | 50020 | 59184 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:54.270881891 CET | 59184 | 50020 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:54.270896912 CET | 59184 | 50020 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:54.270908117 CET | 59184 | 50020 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:54.270920038 CET | 59184 | 50020 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:54.270946980 CET | 50020 | 59184 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:54.270981073 CET | 50020 | 59184 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:54.271011114 CET | 59184 | 50020 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:54.271023989 CET | 59184 | 50020 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:54.271034956 CET | 59184 | 50020 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:54.271164894 CET | 59184 | 50020 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:54.271178007 CET | 59184 | 50020 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:54.271190882 CET | 59184 | 50020 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:54.271270990 CET | 50020 | 59184 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:54.271305084 CET | 50020 | 59184 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:54.276494026 CET | 59184 | 50020 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:54.276508093 CET | 59184 | 50020 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:54.276520014 CET | 59184 | 50020 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:54.276531935 CET | 59184 | 50020 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:54.276542902 CET | 59184 | 50020 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:54.276572943 CET | 50020 | 59184 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:54.276611090 CET | 50020 | 59184 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:54.276640892 CET | 59184 | 50020 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:54.276678085 CET | 50020 | 59184 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:54.276794910 CET | 59184 | 50020 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:54.276808023 CET | 59184 | 50020 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:54.276875019 CET | 50020 | 59184 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:54.276932955 CET | 59184 | 50020 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:54.276945114 CET | 59184 | 50020 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:54.276957035 CET | 59184 | 50020 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:54.282066107 CET | 59184 | 50020 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:54.282222986 CET | 59184 | 50020 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:54.282234907 CET | 59184 | 50020 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:54.282247066 CET | 59184 | 50020 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:54.282330990 CET | 59184 | 50020 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:54.282342911 CET | 59184 | 50020 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:54.282356977 CET | 59184 | 50020 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:54.282376051 CET | 59184 | 50020 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:54.282474041 CET | 59184 | 50020 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:54.282486916 CET | 59184 | 50020 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:54.282497883 CET | 59184 | 50020 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:54.282610893 CET | 59184 | 50020 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:54.282936096 CET | 59184 | 50020 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:54.282984018 CET | 50020 | 59184 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:54.354862928 CET | 50019 | 21 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:20:55.085418940 CET | 21 | 50019 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:20:55.208925962 CET | 50019 | 21 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:21:17.715420008 CET | 50019 | 21 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:21:17.720474958 CET | 21 | 50019 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:21:18.057151079 CET | 21 | 50019 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:21:18.064647913 CET | 50021 | 56907 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:21:18.069442034 CET | 56907 | 50021 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:21:18.072299957 CET | 50021 | 56907 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:21:18.072381973 CET | 50019 | 21 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:21:18.077126980 CET | 21 | 50019 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:21:18.992012978 CET | 21 | 50019 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:21:18.992297888 CET | 50021 | 56907 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:21:18.997309923 CET | 56907 | 50021 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:21:18.997319937 CET | 56907 | 50021 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:21:18.997329950 CET | 56907 | 50021 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:21:18.997338057 CET | 56907 | 50021 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:21:18.997349024 CET | 50021 | 56907 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:21:18.997383118 CET | 50021 | 56907 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:21:18.997385025 CET | 56907 | 50021 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:21:18.997394085 CET | 56907 | 50021 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:21:18.997410059 CET | 56907 | 50021 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:21:18.997431040 CET | 50021 | 56907 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:21:18.997435093 CET | 56907 | 50021 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:21:18.997453928 CET | 50021 | 56907 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:21:18.997478962 CET | 56907 | 50021 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:21:18.997484922 CET | 50021 | 56907 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:21:18.997519970 CET | 50021 | 56907 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:21:18.997534990 CET | 56907 | 50021 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:21:18.997581959 CET | 50021 | 56907 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:21:19.002182007 CET | 56907 | 50021 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:21:19.002223015 CET | 50021 | 56907 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:21:19.002239943 CET | 56907 | 50021 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:21:19.002249002 CET | 56907 | 50021 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:21:19.002264023 CET | 56907 | 50021 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:21:19.002273083 CET | 56907 | 50021 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:21:19.002281904 CET | 56907 | 50021 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:21:19.002285957 CET | 50021 | 56907 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:21:19.002312899 CET | 50021 | 56907 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:21:19.002346039 CET | 50021 | 56907 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:21:19.007477045 CET | 56907 | 50021 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:21:19.007550001 CET | 50021 | 56907 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:21:19.007895947 CET | 56907 | 50021 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:21:19.012448072 CET | 56907 | 50021 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:21:19.012576103 CET | 56907 | 50021 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:21:19.012598038 CET | 56907 | 50021 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:21:19.012608051 CET | 56907 | 50021 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:21:19.013125896 CET | 56907 | 50021 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:21:19.013166904 CET | 50021 | 56907 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:21:19.160164118 CET | 50019 | 21 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:21:19.801891088 CET | 21 | 50019 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:21:19.912131071 CET | 50019 | 21 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:21:35.946674109 CET | 50019 | 21 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:21:35.951555014 CET | 21 | 50019 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:21:36.285322905 CET | 21 | 50019 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:21:36.286206961 CET | 50022 | 54752 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:21:36.291069984 CET | 54752 | 50022 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:21:36.291208982 CET | 50022 | 54752 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:21:36.291294098 CET | 50019 | 21 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:21:36.296092033 CET | 21 | 50019 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:21:37.216579914 CET | 21 | 50019 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:21:37.217854023 CET | 50022 | 54752 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:21:37.222825050 CET | 54752 | 50022 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:21:37.222835064 CET | 54752 | 50022 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:21:37.222856998 CET | 54752 | 50022 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:21:37.222866058 CET | 54752 | 50022 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:21:37.222877026 CET | 54752 | 50022 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:21:37.222922087 CET | 50022 | 54752 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:21:37.222976923 CET | 54752 | 50022 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:21:37.222985029 CET | 54752 | 50022 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:21:37.222986937 CET | 50022 | 54752 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:21:37.223010063 CET | 54752 | 50022 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:21:37.223037004 CET | 50022 | 54752 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:21:37.223057985 CET | 54752 | 50022 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:21:37.223071098 CET | 50022 | 54752 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:21:37.223093033 CET | 54752 | 50022 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:21:37.223108053 CET | 50022 | 54752 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:21:37.223134995 CET | 50022 | 54752 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:21:37.227859020 CET | 54752 | 50022 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:21:37.227868080 CET | 54752 | 50022 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:21:37.227873087 CET | 54752 | 50022 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:21:37.227880001 CET | 54752 | 50022 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:21:37.227905989 CET | 54752 | 50022 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:21:37.227914095 CET | 54752 | 50022 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:21:37.227965117 CET | 54752 | 50022 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:21:37.228014946 CET | 50022 | 54752 | 192.168.2.4 | 110.4.45.197 |
Nov 4, 2024 03:21:37.228037119 CET | 54752 | 50022 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:21:37.228076935 CET | 54752 | 50022 | 110.4.45.197 | 192.168.2.4 |
Nov 4, 2024 03:21:37.228086948 CET | 54752 | 50022 | 110.4.45.197 | 192.168.2.4 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Nov 4, 2024 03:17:59.577934027 CET | 55151 | 53 | 192.168.2.4 | 1.1.1.1 |
Nov 4, 2024 03:17:59.584616899 CET | 53 | 55151 | 1.1.1.1 | 192.168.2.4 |
Nov 4, 2024 03:18:00.964710951 CET | 64589 | 53 | 192.168.2.4 | 1.1.1.1 |
Nov 4, 2024 03:18:01.218698978 CET | 53 | 64589 | 1.1.1.1 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Nov 4, 2024 03:17:59.577934027 CET | 192.168.2.4 | 1.1.1.1 | 0x31ab | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 4, 2024 03:18:00.964710951 CET | 192.168.2.4 | 1.1.1.1 | 0xdfa | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Nov 4, 2024 03:17:59.584616899 CET | 1.1.1.1 | 192.168.2.4 | 0x31ab | No error (0) | 104.26.13.205 | A (IP address) | IN (0x0001) | false | ||
Nov 4, 2024 03:17:59.584616899 CET | 1.1.1.1 | 192.168.2.4 | 0x31ab | No error (0) | 104.26.12.205 | A (IP address) | IN (0x0001) | false | ||
Nov 4, 2024 03:17:59.584616899 CET | 1.1.1.1 | 192.168.2.4 | 0x31ab | No error (0) | 172.67.74.152 | A (IP address) | IN (0x0001) | false | ||
Nov 4, 2024 03:18:01.218698978 CET | 1.1.1.1 | 192.168.2.4 | 0xdfa | No error (0) | 110.4.45.197 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49730 | 104.26.13.205 | 443 | 7040 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-11-04 02:18:00 UTC | 155 | OUT | |
2024-11-04 02:18:00 UTC | 399 | IN | |
2024-11-04 02:18:00 UTC | 14 | IN |
Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands |
---|---|---|---|---|---|
Nov 4, 2024 03:18:02.203669071 CET | 21 | 49732 | 110.4.45.197 | 192.168.2.4 | 220---------- Welcome to Pure-FTPd [privsep] [TLS] ---------- 220-You are user number 12 of 50 allowed. 220-Local time is now 10:18. Server port: 21. 220-This is a private system - No anonymous login 220-IPv6 connections are also welcome on this server. 220 You will be disconnected after 15 minutes of inactivity. |
Nov 4, 2024 03:18:02.203891993 CET | 49732 | 21 | 192.168.2.4 | 110.4.45.197 | USER origin@haliza.com.my |
Nov 4, 2024 03:18:02.557557106 CET | 21 | 49732 | 110.4.45.197 | 192.168.2.4 | 331 User origin@haliza.com.my OK. Password required |
Nov 4, 2024 03:18:02.557878971 CET | 49732 | 21 | 192.168.2.4 | 110.4.45.197 | PASS JesusChrist007$ |
Nov 4, 2024 03:18:02.939085007 CET | 21 | 49732 | 110.4.45.197 | 192.168.2.4 | 230 OK. Current restricted directory is / |
Nov 4, 2024 03:18:03.337795019 CET | 21 | 49732 | 110.4.45.197 | 192.168.2.4 | 504 Unknown command |
Nov 4, 2024 03:18:03.337917089 CET | 49732 | 21 | 192.168.2.4 | 110.4.45.197 | PWD |
Nov 4, 2024 03:18:03.722757101 CET | 21 | 49732 | 110.4.45.197 | 192.168.2.4 | 257 "/" is your current location |
Nov 4, 2024 03:18:03.723078012 CET | 49732 | 21 | 192.168.2.4 | 110.4.45.197 | TYPE I |
Nov 4, 2024 03:18:04.080812931 CET | 21 | 49732 | 110.4.45.197 | 192.168.2.4 | 200 TYPE is now 8-bit binary |
Nov 4, 2024 03:18:04.081072092 CET | 49732 | 21 | 192.168.2.4 | 110.4.45.197 | PASV |
Nov 4, 2024 03:18:04.431231976 CET | 21 | 49732 | 110.4.45.197 | 192.168.2.4 | 227 Entering Passive Mode (110,4,45,197,220,214) |
Nov 4, 2024 03:18:04.436899900 CET | 49732 | 21 | 192.168.2.4 | 110.4.45.197 | STOR CO_Chrome_Default.txt_user-284992_2024_11_03_21_37_59.txt |
Nov 4, 2024 03:18:05.361030102 CET | 21 | 49732 | 110.4.45.197 | 192.168.2.4 | 150 Accepted data connection |
Nov 4, 2024 03:18:05.717036009 CET | 21 | 49732 | 110.4.45.197 | 192.168.2.4 | 226-File successfully transferred 226 0.354 seconds (measured here), 9.26 Kbytes per second |
Nov 4, 2024 03:18:05.722774982 CET | 49732 | 21 | 192.168.2.4 | 110.4.45.197 | PASV |
Nov 4, 2024 03:18:06.079663992 CET | 21 | 49732 | 110.4.45.197 | 192.168.2.4 | 227 Entering Passive Mode (110,4,45,197,213,29) |
Nov 4, 2024 03:18:06.084985018 CET | 49732 | 21 | 192.168.2.4 | 110.4.45.197 | STOR CO_Firefox_fqs92o4p.default-release.txt_user-284992_2024_11_04_04_06_27.txt |
Nov 4, 2024 03:18:07.020698071 CET | 21 | 49732 | 110.4.45.197 | 192.168.2.4 | 150 Accepted data connection |
Nov 4, 2024 03:18:07.376019001 CET | 21 | 49732 | 110.4.45.197 | 192.168.2.4 | 226 File successfully transferred |
Nov 4, 2024 03:18:07.871440887 CET | 21 | 49732 | 110.4.45.197 | 192.168.2.4 | 226 File successfully transferred |
Nov 4, 2024 03:19:31.010993958 CET | 49732 | 21 | 192.168.2.4 | 110.4.45.197 | PASV |
Nov 4, 2024 03:19:31.363089085 CET | 21 | 49732 | 110.4.45.197 | 192.168.2.4 | 227 Entering Passive Mode (110,4,45,197,249,10) |
Nov 4, 2024 03:19:31.368664026 CET | 49732 | 21 | 192.168.2.4 | 110.4.45.197 | STOR KL_user-284992_2024_11_18_00_38_35.html |
Nov 4, 2024 03:19:32.292582989 CET | 21 | 49732 | 110.4.45.197 | 192.168.2.4 | 150 Accepted data connection |
Nov 4, 2024 03:19:32.649429083 CET | 21 | 49732 | 110.4.45.197 | 192.168.2.4 | 226-File successfully transferred 226 0.358 seconds (measured here), 0.77 Kbytes per second |
Nov 4, 2024 03:19:50.325206995 CET | 49732 | 21 | 192.168.2.4 | 110.4.45.197 | PASV |
Nov 4, 2024 03:19:50.676502943 CET | 21 | 49732 | 110.4.45.197 | 192.168.2.4 | 227 Entering Passive Mode (110,4,45,197,218,24) |
Nov 4, 2024 03:19:50.692176104 CET | 49732 | 21 | 192.168.2.4 | 110.4.45.197 | STOR SC_user-284992_2024_11_28_11_14_06.jpeg |
Nov 4, 2024 03:19:51.607835054 CET | 21 | 49732 | 110.4.45.197 | 192.168.2.4 | 150 Accepted data connection |
Nov 4, 2024 03:19:52.381726027 CET | 21 | 49732 | 110.4.45.197 | 192.168.2.4 | 226-File successfully transferred 226 0.777 seconds (measured here), 83.22 Kbytes per second |
Nov 4, 2024 03:20:05.104641914 CET | 49732 | 21 | 192.168.2.4 | 110.4.45.197 | PASV |
Nov 4, 2024 03:20:05.454700947 CET | 21 | 49732 | 110.4.45.197 | 192.168.2.4 | 227 Entering Passive Mode (110,4,45,197,209,34) |
Nov 4, 2024 03:20:05.462002039 CET | 49732 | 21 | 192.168.2.4 | 110.4.45.197 | STOR SC_user-284992_2024_12_07_00_46_00.jpeg |
Nov 4, 2024 03:20:06.400257111 CET | 21 | 49732 | 110.4.45.197 | 192.168.2.4 | 150 Accepted data connection |
Nov 4, 2024 03:20:07.221715927 CET | 21 | 49732 | 110.4.45.197 | 192.168.2.4 | 226-File successfully transferred 226 0.814 seconds (measured here), 79.47 Kbytes per second |
Nov 4, 2024 03:20:08.122735977 CET | 21 | 50012 | 110.4.45.197 | 192.168.2.4 | 220---------- Welcome to Pure-FTPd [privsep] [TLS] ---------- 220-You are user number 17 of 50 allowed. 220-Local time is now 10:20. Server port: 21. 220-This is a private system - No anonymous login 220-IPv6 connections are also welcome on this server. 220 You will be disconnected after 15 minutes of inactivity. |
Nov 4, 2024 03:20:08.122956991 CET | 50012 | 21 | 192.168.2.4 | 110.4.45.197 | USER origin@haliza.com.my |
Nov 4, 2024 03:20:08.462013006 CET | 21 | 50012 | 110.4.45.197 | 192.168.2.4 | 331 User origin@haliza.com.my OK. Password required |
Nov 4, 2024 03:20:08.462174892 CET | 50012 | 21 | 192.168.2.4 | 110.4.45.197 | PASS JesusChrist007$ |
Nov 4, 2024 03:20:08.829900980 CET | 21 | 50012 | 110.4.45.197 | 192.168.2.4 | 230 OK. Current restricted directory is / |
Nov 4, 2024 03:20:09.202497005 CET | 21 | 50012 | 110.4.45.197 | 192.168.2.4 | 504 Unknown command |
Nov 4, 2024 03:20:09.202651024 CET | 50012 | 21 | 192.168.2.4 | 110.4.45.197 | PWD |
Nov 4, 2024 03:20:09.584986925 CET | 21 | 50012 | 110.4.45.197 | 192.168.2.4 | 257 "/" is your current location |
Nov 4, 2024 03:20:09.585174084 CET | 50012 | 21 | 192.168.2.4 | 110.4.45.197 | TYPE I |
Nov 4, 2024 03:20:09.924295902 CET | 21 | 50012 | 110.4.45.197 | 192.168.2.4 | 200 TYPE is now 8-bit binary |
Nov 4, 2024 03:20:09.924458027 CET | 50012 | 21 | 192.168.2.4 | 110.4.45.197 | PASV |
Nov 4, 2024 03:20:11.145114899 CET | 21 | 50012 | 110.4.45.197 | 192.168.2.4 | 227 Entering Passive Mode (110,4,45,197,236,164) |
Nov 4, 2024 03:20:11.145190954 CET | 21 | 50012 | 110.4.45.197 | 192.168.2.4 | 227 Entering Passive Mode (110,4,45,197,236,164) |
Nov 4, 2024 03:20:11.145266056 CET | 21 | 50012 | 110.4.45.197 | 192.168.2.4 | 227 Entering Passive Mode (110,4,45,197,236,164) |
Nov 4, 2024 03:20:11.145389080 CET | 21 | 50012 | 110.4.45.197 | 192.168.2.4 | 227 Entering Passive Mode (110,4,45,197,236,164) |
Nov 4, 2024 03:20:11.155033112 CET | 50012 | 21 | 192.168.2.4 | 110.4.45.197 | STOR SC_user-284992_2024_12_12_07_23_02.jpeg |
Nov 4, 2024 03:20:12.077299118 CET | 21 | 50012 | 110.4.45.197 | 192.168.2.4 | 150 Accepted data connection |
Nov 4, 2024 03:20:12.850716114 CET | 21 | 50012 | 110.4.45.197 | 192.168.2.4 | 226-File successfully transferred 226 0.774 seconds (measured here), 83.61 Kbytes per second |
Nov 4, 2024 03:20:13.023427010 CET | 50012 | 21 | 192.168.2.4 | 110.4.45.197 | PASV |
Nov 4, 2024 03:20:13.362054110 CET | 21 | 50012 | 110.4.45.197 | 192.168.2.4 | 227 Entering Passive Mode (110,4,45,197,213,126) |
Nov 4, 2024 03:20:13.369196892 CET | 50012 | 21 | 192.168.2.4 | 110.4.45.197 | STOR SC_user-284992_2024_12_17_02_50_41.jpeg |
Nov 4, 2024 03:20:14.312902927 CET | 21 | 50012 | 110.4.45.197 | 192.168.2.4 | 150 Accepted data connection |
Nov 4, 2024 03:20:15.127583027 CET | 21 | 50012 | 110.4.45.197 | 192.168.2.4 | 226-File successfully transferred 226 0.819 seconds (measured here), 79.01 Kbytes per second |
Nov 4, 2024 03:20:31.413693905 CET | 50012 | 21 | 192.168.2.4 | 110.4.45.197 | PASV |
Nov 4, 2024 03:20:31.765892029 CET | 21 | 50012 | 110.4.45.197 | 192.168.2.4 | 227 Entering Passive Mode (110,4,45,197,246,112) |
Nov 4, 2024 03:20:31.794251919 CET | 50012 | 21 | 192.168.2.4 | 110.4.45.197 | STOR SC_user-284992_2024_12_27_04_57_19.jpeg |
Nov 4, 2024 03:20:32.703986883 CET | 21 | 50012 | 110.4.45.197 | 192.168.2.4 | 150 Accepted data connection |
Nov 4, 2024 03:20:33.504400015 CET | 21 | 50012 | 110.4.45.197 | 192.168.2.4 | 226-File successfully transferred 226 0.800 seconds (measured here), 86.89 Kbytes per second |
Nov 4, 2024 03:20:34.089971066 CET | 50012 | 21 | 192.168.2.4 | 110.4.45.197 | PASV |
Nov 4, 2024 03:20:34.428487062 CET | 21 | 50012 | 110.4.45.197 | 192.168.2.4 | 227 Entering Passive Mode (110,4,45,197,218,242) |
Nov 4, 2024 03:20:34.434381962 CET | 50012 | 21 | 192.168.2.4 | 110.4.45.197 | STOR SC_user-284992_2024_12_30_15_12_21.jpeg |
Nov 4, 2024 03:20:35.348653078 CET | 21 | 50012 | 110.4.45.197 | 192.168.2.4 | 150 Accepted data connection |
Nov 4, 2024 03:20:36.141731977 CET | 21 | 50012 | 110.4.45.197 | 192.168.2.4 | 226-File successfully transferred 226 0.790 seconds (measured here), 81.83 Kbytes per second |
Nov 4, 2024 03:20:41.856981039 CET | 50012 | 21 | 192.168.2.4 | 110.4.45.197 | PASV |
Nov 4, 2024 03:20:42.196470022 CET | 21 | 50012 | 110.4.45.197 | 192.168.2.4 | 227 Entering Passive Mode (110,4,45,197,238,77) |
Nov 4, 2024 03:20:42.202080965 CET | 50012 | 21 | 192.168.2.4 | 110.4.45.197 | STOR SC_user-284992_2025_01_05_03_08_46.jpeg |
Nov 4, 2024 03:20:43.125343084 CET | 21 | 50012 | 110.4.45.197 | 192.168.2.4 | 150 Accepted data connection |
Nov 4, 2024 03:20:43.943413019 CET | 21 | 50012 | 110.4.45.197 | 192.168.2.4 | 226-File successfully transferred 226 0.819 seconds (measured here), 79.01 Kbytes per second |
Nov 4, 2024 03:20:49.651529074 CET | 50012 | 21 | 192.168.2.4 | 110.4.45.197 | PASV |
Nov 4, 2024 03:20:49.993482113 CET | 21 | 50012 | 110.4.45.197 | 192.168.2.4 | 227 Entering Passive Mode (110,4,45,197,196,243) |
Nov 4, 2024 03:20:49.999036074 CET | 50012 | 21 | 192.168.2.4 | 110.4.45.197 | STOR SC_user-284992_2025_01_10_12_43_10.jpeg |
Nov 4, 2024 03:20:50.922800064 CET | 21 | 50012 | 110.4.45.197 | 192.168.2.4 | 150 Accepted data connection |
Nov 4, 2024 03:20:51.175448895 CET | 21 | 50019 | 110.4.45.197 | 192.168.2.4 | 220---------- Welcome to Pure-FTPd [privsep] [TLS] ---------- 220-You are user number 17 of 50 allowed. 220-Local time is now 10:20. Server port: 21. 220-This is a private system - No anonymous login 220-IPv6 connections are also welcome on this server. 220 You will be disconnected after 15 minutes of inactivity. |
Nov 4, 2024 03:20:51.175669909 CET | 50019 | 21 | 192.168.2.4 | 110.4.45.197 | USER origin@haliza.com.my |
Nov 4, 2024 03:20:51.514296055 CET | 21 | 50019 | 110.4.45.197 | 192.168.2.4 | 331 User origin@haliza.com.my OK. Password required |
Nov 4, 2024 03:20:51.514481068 CET | 50019 | 21 | 192.168.2.4 | 110.4.45.197 | PASS JesusChrist007$ |
Nov 4, 2024 03:20:51.717180967 CET | 21 | 50012 | 110.4.45.197 | 192.168.2.4 | 226-File successfully transferred 226 0.794 seconds (measured here), 81.44 Kbytes per second |
Nov 4, 2024 03:20:51.877754927 CET | 21 | 50019 | 110.4.45.197 | 192.168.2.4 | 230 OK. Current restricted directory is / |
Nov 4, 2024 03:20:52.217931986 CET | 21 | 50019 | 110.4.45.197 | 192.168.2.4 | 504 Unknown command |
Nov 4, 2024 03:20:52.220360994 CET | 50019 | 21 | 192.168.2.4 | 110.4.45.197 | PWD |
Nov 4, 2024 03:20:52.561513901 CET | 21 | 50019 | 110.4.45.197 | 192.168.2.4 | 257 "/" is your current location |
Nov 4, 2024 03:20:52.561686039 CET | 50019 | 21 | 192.168.2.4 | 110.4.45.197 | TYPE I |
Nov 4, 2024 03:20:52.967544079 CET | 21 | 50019 | 110.4.45.197 | 192.168.2.4 | 200 TYPE is now 8-bit binary |
Nov 4, 2024 03:20:52.972117901 CET | 50019 | 21 | 192.168.2.4 | 110.4.45.197 | PASV |
Nov 4, 2024 03:20:53.311351061 CET | 21 | 50019 | 110.4.45.197 | 192.168.2.4 | 227 Entering Passive Mode (110,4,45,197,231,48) |
Nov 4, 2024 03:20:53.317908049 CET | 50019 | 21 | 192.168.2.4 | 110.4.45.197 | STOR SC_user-284992_2025_01_13_13_32_15.jpeg |
Nov 4, 2024 03:20:54.265178919 CET | 21 | 50019 | 110.4.45.197 | 192.168.2.4 | 150 Accepted data connection |
Nov 4, 2024 03:20:55.085418940 CET | 21 | 50019 | 110.4.45.197 | 192.168.2.4 | 226-File successfully transferred 226 0.831 seconds (measured here), 77.80 Kbytes per second |
Nov 4, 2024 03:21:17.715420008 CET | 50019 | 21 | 192.168.2.4 | 110.4.45.197 | PASV |
Nov 4, 2024 03:21:18.057151079 CET | 21 | 50019 | 110.4.45.197 | 192.168.2.4 | 227 Entering Passive Mode (110,4,45,197,222,75) |
Nov 4, 2024 03:21:18.072381973 CET | 50019 | 21 | 192.168.2.4 | 110.4.45.197 | STOR SC_user-284992_2025_01_26_22_49_57.jpeg |
Nov 4, 2024 03:21:18.992012978 CET | 21 | 50019 | 110.4.45.197 | 192.168.2.4 | 150 Accepted data connection |
Nov 4, 2024 03:21:19.801891088 CET | 21 | 50019 | 110.4.45.197 | 192.168.2.4 | 226-File successfully transferred 226 0.805 seconds (measured here), 80.35 Kbytes per second |
Nov 4, 2024 03:21:35.946674109 CET | 50019 | 21 | 192.168.2.4 | 110.4.45.197 | PASV |
Nov 4, 2024 03:21:36.285322905 CET | 21 | 50019 | 110.4.45.197 | 192.168.2.4 | 227 Entering Passive Mode (110,4,45,197,213,224) |
Nov 4, 2024 03:21:36.291294098 CET | 50019 | 21 | 192.168.2.4 | 110.4.45.197 | STOR SC_user-284992_2025_02_10_15_39_19.jpeg |
Nov 4, 2024 03:21:37.216579914 CET | 21 | 50019 | 110.4.45.197 | 192.168.2.4 | 150 Accepted data connection |
Nov 4, 2024 03:21:38.050102949 CET | 21 | 50019 | 110.4.45.197 | 192.168.2.4 | 226-File successfully transferred 226 0.815 seconds (measured here), 79.31 Kbytes per second |
Nov 4, 2024 03:21:48.862169027 CET | 50019 | 21 | 192.168.2.4 | 110.4.45.197 | PASV |
Nov 4, 2024 03:21:49.202369928 CET | 21 | 50019 | 110.4.45.197 | 192.168.2.4 | 227 Entering Passive Mode (110,4,45,197,254,89) |
Nov 4, 2024 03:21:49.208230019 CET | 50019 | 21 | 192.168.2.4 | 110.4.45.197 | STOR SC_user-284992_2025_02_18_04_38_55.jpeg |
Nov 4, 2024 03:21:50.137870073 CET | 21 | 50019 | 110.4.45.197 | 192.168.2.4 | 150 Accepted data connection |
Nov 4, 2024 03:21:50.943017960 CET | 21 | 50019 | 110.4.45.197 | 192.168.2.4 | 226-File successfully transferred 226 0.805 seconds (measured here), 80.35 Kbytes per second |
Nov 4, 2024 03:22:00.788842916 CET | 50019 | 21 | 192.168.2.4 | 110.4.45.197 | PASV |
Nov 4, 2024 03:22:01.127923012 CET | 21 | 50019 | 110.4.45.197 | 192.168.2.4 | 227 Entering Passive Mode (110,4,45,197,243,82) |
Nov 4, 2024 03:22:01.133796930 CET | 50019 | 21 | 192.168.2.4 | 110.4.45.197 | STOR SC_user-284992_2025_02_25_14_41_33.jpeg |
Nov 4, 2024 03:22:02.045121908 CET | 21 | 50019 | 110.4.45.197 | 192.168.2.4 | 150 Accepted data connection |
Nov 4, 2024 03:22:02.865003109 CET | 21 | 50019 | 110.4.45.197 | 192.168.2.4 | 226-File successfully transferred 226 0.803 seconds (measured here), 80.52 Kbytes per second |
Nov 4, 2024 03:22:03.854902983 CET | 50019 | 21 | 192.168.2.4 | 110.4.45.197 | PASV |
Nov 4, 2024 03:22:04.193427086 CET | 21 | 50019 | 110.4.45.197 | 192.168.2.4 | 227 Entering Passive Mode (110,4,45,197,206,61) |
Nov 4, 2024 03:22:04.207470894 CET | 50019 | 21 | 192.168.2.4 | 110.4.45.197 | STOR SC_user-284992_2024_11_03_21_22_02.jpeg |
Nov 4, 2024 03:22:05.105478048 CET | 21 | 50019 | 110.4.45.197 | 192.168.2.4 | 150 Accepted data connection |
Target ID: | 0 |
Start time: | 21:17:56 |
Start date: | 03/11/2024 |
Path: | C:\Users\user\Desktop\Payslip_October_2024_pdf.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xca0000 |
File size: | 1'317'888 bytes |
MD5 hash: | 00D35F16DA780121846AC5345E6FDDD5 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 1 |
Start time: | 21:17:57 |
Start date: | 03/11/2024 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x8e0000 |
File size: | 45'984 bytes |
MD5 hash: | 9D352BC46709F0CB5EC974633A0C3C94 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
Has exited: | false |
Target ID: | 2 |
Start time: | 21:18:10 |
Start date: | 03/11/2024 |
Path: | C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x950000 |
File size: | 45'984 bytes |
MD5 hash: | 9D352BC46709F0CB5EC974633A0C3C94 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Antivirus matches: |
|
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 21:18:10 |
Start date: | 03/11/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7699e0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 5 |
Start time: | 21:18:18 |
Start date: | 03/11/2024 |
Path: | C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x60000 |
File size: | 45'984 bytes |
MD5 hash: | 9D352BC46709F0CB5EC974633A0C3C94 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 6 |
Start time: | 21:18:18 |
Start date: | 03/11/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7699e0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Execution Graph
Execution Coverage: | 4.1% |
Dynamic/Decrypted Code Coverage: | 0.4% |
Signature Coverage: | 8.1% |
Total number of Nodes: | 2000 |
Total number of Limit Nodes: | 33 |
Graph
Function 00CA3B4C Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 153 (window, COMMON)
Function 00CA4AFE Relevance: 10.7, APIs: 7, Instructions: 223 (COMMON)
Function 00CAFE40 Relevance: 5.5, APIs: 3, Instructions: 1040 (COMMON)
Function 00D04696 Relevance: 4.5, APIs: 3, Instructions: 25 (file, COMMON)
Function 00CAE800 Relevance: 2.4, Strings: 1, Instructions: 1102 (COMMON)
Function 00CB0B30 Relevance: 57.3, APIs: 27, Strings: 5, Instructions: 1300 (window, sleep, time, COMMON)
Function 00D093DF Relevance: 19.8, APIs: 13, Instructions: 322 (file, COMMON)
Function 00CA302C Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 63 (window, registry, COMMON)
Function 00CA3041 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 54 (window, registry, COMMON)
Function 00CA71EB Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 201 (registry, COMMON)
Function 00CA3A58 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 71 (window, registry, COMMON)
Function 00CA3633 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 151 (window, time, registry, COMMON)
Control-flow Graph
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0130A3D0 Relevance: 10.7, APIs: 7, Instructions: 239fileCOMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0130A160 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 158fileCOMMON
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CA35B0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 59registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D097E5 Relevance: 6.2, APIs: 4, Instructions: 155COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CC493A Relevance: 6.1, APIs: 4, Instructions: 136COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D1CDF1 Relevance: 4.9, APIs: 3, Instructions: 392COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CAF8CF Relevance: 4.7, APIs: 3, Instructions: 168comCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CC594C Relevance: 4.6, APIs: 3, Instructions: 59memoryCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D08F97 Relevance: 4.5, APIs: 3, Instructions: 22COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CA492E Relevance: 3.1, APIs: 2, Instructions: 59COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CA5DF9 Relevance: 3.1, APIs: 2, Instructions: 57fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CA81C1 Relevance: 2.6, APIs: 2, Instructions: 54COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CB2123 Relevance: 1.7, APIs: 1, Instructions: 171COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CA766F Relevance: 1.6, APIs: 1, Instructions: 103COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CA5C4E Relevance: 1.6, APIs: 1, Instructions: 97COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CC0E48 Relevance: 1.6, APIs: 1, Instructions: 94memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CE00D6 Relevance: 1.6, APIs: 1, Instructions: 88COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CA5B19 Relevance: 1.6, APIs: 1, Instructions: 72COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CA4F3D Relevance: 1.6, APIs: 1, Instructions: 64libraryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CE01AF Relevance: 1.6, APIs: 1, Instructions: 63COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CA5D20 Relevance: 1.6, APIs: 1, Instructions: 53fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CA5BDA Relevance: 1.5, APIs: 1, Instructions: 48COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CFFC4D Relevance: 1.5, APIs: 1, Instructions: 47COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CA7F41 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CC4A93 Relevance: 1.5, APIs: 1, Instructions: 36COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CA4FAA Relevance: 1.5, APIs: 1, Instructions: 28COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CC09D5 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D09129 Relevance: 1.5, APIs: 1, Instructions: 22COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CA5DAE Relevance: 1.5, APIs: 1, Instructions: 16COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CC548B Relevance: 1.5, APIs: 1, Instructions: 9COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D0D2E6 Relevance: 1.4, APIs: 1, Instructions: 198COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0130A050 Relevance: 1.3, APIs: 1, Instructions: 18sleepCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D2CDAC Relevance: 74.1, APIs: 40, Strings: 2, Instructions: 637windowkeyboardCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D2804A Relevance: 60.1, APIs: 33, Strings: 1, Instructions: 571windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CA4A35 Relevance: 43.9, APIs: 24, Strings: 1, Instructions: 131keyboardthreadwindowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D0C9C7 Relevance: 28.3, APIs: 13, Strings: 3, Instructions: 280timefileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D0F200 Relevance: 28.1, APIs: 15, Strings: 1, Instructions: 119fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D20AE2 Relevance: 26.7, APIs: 9, Strings: 6, Instructions: 477registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D0F35D Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 112fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CB6843 Relevance: 18.4, Strings: 14, Instructions: 883COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D186D0 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 197comCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D14458 Relevance: 15.1, APIs: 10, Instructions: 83clipboardmemoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D03A2B Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 167fileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D0F65E Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 120filesleepCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CB58C0 Relevance: 11.0, APIs: 7, Instructions: 532COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D0545F Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 59shutdownCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D16596 Relevance: 9.1, APIs: 6, Instructions: 84networkCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CB5680 Relevance: 8.0, APIs: 5, Instructions: 516COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CA1287 Relevance: 7.9, APIs: 5, Instructions: 379COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D255FD Relevance: 7.6, APIs: 5, Instructions: 69windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D1C304 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 19libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CB3190 Relevance: 6.6, APIs: 4, Instructions: 587COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D040B1 Relevance: 6.1, APIs: 4, Instructions: 65fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CFEB07 Relevance: 5.1, APIs: 1, Strings: 2, Instructions: 561stringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D0B59E Relevance: 4.6, APIs: 3, Instructions: 73COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CF8CC3 Relevance: 4.6, APIs: 3, Instructions: 67COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D04C03 Relevance: 4.5, APIs: 3, Instructions: 43memoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CAE060 Relevance: 3.5, APIs: 2, Instructions: 539COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D0C93C Relevance: 3.1, APIs: 2, Instructions: 52fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D0A2D5 Relevance: 3.0, APIs: 2, Instructions: 31windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CF8713 Relevance: 3.0, APIs: 2, Instructions: 22COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CCF419 Relevance: 2.1, APIs: 1, Instructions: 645COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CD267E Relevance: 1.8, APIs: 1, Instructions: 294COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D08B13 Relevance: 1.6, APIs: 1, Instructions: 68COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D04EC9 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CF8C93 Relevance: 1.5, APIs: 1, Instructions: 19COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CE2230 Relevance: 1.5, APIs: 1, Instructions: 7COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CCA364 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CB8A0E Relevance: .6, Instructions: 608COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CC2405 Relevance: .3, Instructions: 345COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CC283A Relevance: .3, Instructions: 341COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CC1BB8 Relevance: .3, Instructions: 323COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D237F3 Relevance: 51.1, APIs: 6, Strings: 23, Instructions: 365windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D2A849 Relevance: 49.8, APIs: 33, Instructions: 274COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CA2C18 Relevance: 49.5, APIs: 27, Strings: 1, Instructions: 486windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D177BE Relevance: 45.8, APIs: 22, Strings: 4, Instructions: 284windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D28C44 Relevance: 38.9, APIs: 21, Strings: 1, Instructions: 401windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D24B16 Relevance: 37.0, APIs: 18, Strings: 3, Instructions: 290windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CA27D9 Relevance: 33.5, APIs: 18, Strings: 1, Instructions: 286windowtimeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D24069 Relevance: 28.3, APIs: 3, Strings: 13, Instructions: 283windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D152F0 Relevance: 27.1, APIs: 18, Instructions: 124COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CFAA64 Relevance: 26.5, APIs: 14, Strings: 1, Instructions: 273windowtimeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D2A428 Relevance: 24.7, APIs: 12, Strings: 2, Instructions: 205windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D2C8EE Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 181windowfileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D24619 Relevance: 23.0, APIs: 2, Strings: 11, Instructions: 251windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D2BAB8 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 197windowlibraryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D0A45A Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 102fileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D2C49C Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 229windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D1762D Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 160windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D048F3 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 73networkCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D05217 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 72sleepwindowtimeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D0D7F8 Relevance: 18.3, APIs: 12, Instructions: 283comCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CFC72A Relevance: 18.2, APIs: 12, Instructions: 174COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CA201B Relevance: 18.2, APIs: 12, Instructions: 170timeCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CA21A5 Relevance: 18.1, APIs: 12, Instructions: 132COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D273C1 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 103windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D2772A Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 101windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CC7040 Relevance: 16.8, APIs: 11, Instructions: 258COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D15A45 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 163networkfileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CF9471 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 82windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CF955C Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 81windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CF9645 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 72windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D18BC0 Relevance: 15.3, APIs: 10, Instructions: 324fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CA2E26 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 186windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D2C27C Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 149windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D18F5B Relevance: 13.9, APIs: 9, Instructions: 438COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D288B4 Relevance: 13.7, APIs: 9, Instructions: 168COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D26FEF Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 143windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D03226 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 82windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D04534 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 47windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CA2A5B Relevance: 12.1, APIs: 8, Instructions: 129COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D07368 Relevance: 12.1, APIs: 8, Instructions: 101fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D26442 Relevance: 12.1, APIs: 8, Instructions: 95windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CFC072 Relevance: 12.1, APIs: 8, Instructions: 92COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CA1424 Relevance: 10.7, APIs: 7, Instructions: 219COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D16E8A Relevance: 10.7, APIs: 7, Instructions: 212COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D0589F Relevance: 10.6, APIs: 7, Instructions: 138timeCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D038AD Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 111filestringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D27500 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 103windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D2653C Relevance: 10.6, APIs: 7, Instructions: 99windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CFE0B5 Relevance: 10.6, APIs: 7, Instructions: 90memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D2783C Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CC41C9 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 24libraryloaderCOMMONLIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CC429E Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 19libraryloaderCOMMONLIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D0675A Relevance: 9.2, APIs: 6, Instructions: 205COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D25A20 Relevance: 9.2, APIs: 6, Instructions: 160windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CFF3DD Relevance: 9.2, APIs: 6, Instructions: 159COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D026F9 Relevance: 9.1, APIs: 6, Instructions: 138windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CA1765 Relevance: 9.1, APIs: 6, Instructions: 113COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D2B958 Relevance: 9.1, APIs: 6, Instructions: 109windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D173B1 Relevance: 9.1, APIs: 6, Instructions: 97COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CF8D5B Relevance: 9.1, APIs: 6, Instructions: 69memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CF8AF9 Relevance: 9.1, APIs: 6, Instructions: 65processCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D2C19A Relevance: 9.0, APIs: 6, Instructions: 49COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D074D2 Relevance: 9.0, APIs: 6, Instructions: 33synchronizationthreadCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CF8E74 Relevance: 9.0, APIs: 6, Instructions: 23memorysynchronizationCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D02F86 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 195windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CFDA5D Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 121comlibraryloaderCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D02C42 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 114windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CF9372 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 94windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CA410D Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 88windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D26656 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 80windowlibraryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D0703E Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 79filepipeCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D0710C Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 79filepipeCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CFA52F Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 68windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D1EE69 Relevance: 7.7, APIs: 5, Instructions: 247COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D0E7DC Relevance: 7.6, APIs: 5, Instructions: 135COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D2A2C5 Relevance: 7.6, APIs: 5, Instructions: 130COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CF6920 Relevance: 7.6, APIs: 5, Instructions: 97windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CFB6AF Relevance: 7.6, APIs: 5, Instructions: 88windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D2B405 Relevance: 7.6, APIs: 5, Instructions: 85COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CF97E9 Relevance: 7.6, APIs: 5, Instructions: 84windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CA12F3 Relevance: 7.6, APIs: 5, Instructions: 67COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CFC161 Relevance: 7.6, APIs: 5, Instructions: 61COMMON
Function 00D04D35 Relevance: 7.6, APIs: 5, Instructions: 56 synchronization thread window COMMON
Function 00CF874A Relevance: 7.5, APIs: 5, Instructions: 49 memory COMMON
Function 00D054E6 Relevance: 7.5, APIs: 5, Instructions: 48 sleep COMMON
Function 00CF7652 Relevance: 7.5, APIs: 5, Instructions: 48 string COMMON
Function 00CF85F1 Relevance: 7.5, APIs: 5, Instructions: 45 memory COMMON
Function 00CF8652 Relevance: 7.5, APIs: 5, Instructions: 45 memory COMMON
Function 00CA13B0 Relevance: 7.5, APIs: 5, Instructions: 29 COMMON
Function 00D27648 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 90 window COMMON
Function 00D26F1F Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84 window COMMON
Function 00D2797D Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 66 window COMMON
Function 00CA4C95 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18 library loader COMMON
Function 00CA4D94 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18 library loader COMMON
Function 00CA4D61 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18 library loader COMMON
Function 00D21072 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18 library loader COMMON
Function 00D193F5 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18 library loader COMMON
Function 00CF76C5 Relevance: 6.3, APIs: 4, Instructions: 333 COMMON
Function 00D1E33E Relevance: 6.3, APIs: 4, Instructions: 307 memory COMMON
Function 00D183A8 Relevance: 6.3, APIs: 4, Instructions: 267 COMMON
Function 00CF7A78 Relevance: 6.2, APIs: 4, Instructions: 231 COMMON
Function 00CF6DF3 Relevance: 6.2, APIs: 4, Instructions: 202 memory COMMON
Function 00D29A63 Relevance: 6.1, APIs: 4, Instructions: 140 COMMON
Function 00D1672D Relevance: 6.1, APIs: 4, Instructions: 116 COMMON
Function 00D0BA5F Relevance: 6.1, APIs: 4, Instructions: 111 file COMMON
Function 00D28AC0 Relevance: 6.1, APIs: 4, Instructions: 109 COMMON
Function 00D2ADF1 Relevance: 6.1, APIs: 4, Instructions: 106 window COMMON
Function 00D25175 Relevance: 6.1, APIs: 4, Instructions: 95 COMMON
Function 00D2C788 Relevance: 6.1, APIs: 4, Instructions: 83 window COMMON
Function 00CC0BD0 Relevance: 6.1, APIs: 4, Instructions: 79 COMMON
Function 00CF8B9E Relevance: 6.1, APIs: 4, Instructions: 79 memory COMMON
Function 00D11A5B Relevance: 6.1, APIs: 4, Instructions: 78 network COMMON
Function 00CFE1AF Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 68 string COMMON
Function 00D1667C Relevance: 6.1, APIs: 4, Instructions: 61 network COMMON
Function 00CF9023 Relevance: 6.1, APIs: 4, Instructions: 59 window COMMON
Function 00CA1290 Relevance: 6.1, APIs: 4, Instructions: 59 COMMON
Function 00D01652 Relevance: 6.1, APIs: 4, Instructions: 51 sleep COMMON
Function 00D2B57F Relevance: 6.0, APIs: 4, Instructions: 47 COMMON
Function 00D2B8EF Relevance: 6.0, APIs: 4, Instructions: 40 process COMMON
Function 00D06E7C Relevance: 6.0, APIs: 4, Instructions: 33 COMMON
Function 00D2C00C Relevance: 6.0, APIs: 4, Instructions: 31 COMMON
Function 00CA2218 Relevance: 6.0, APIs: 4, Instructions: 23 COMMON
Function 00CF8C5A Relevance: 6.0, APIs: 4, Instructions: 23 thread COMMON
Function 00CE2187 Relevance: 6.0, APIs: 4, Instructions: 20 COMMON
Function 00CE219B Relevance: 6.0, APIs: 4, Instructions: 19 COMMON
Function 00D0B217 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 201 share COMMON
Function 00CB2AB7 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 144 sleep COMMON
Function 00D12882 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 97 network COMMON
Function 00D02D91 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 88 window COMMON
Function 00D26943 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72 window COMMON
Function 00D26B8F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 64 window COMMON
Function 00D02E9E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63 window COMMON
Function 00D124CA Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 62 network COMMON
Function 00D180A0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55 network COMMON
Function 00CF92E7 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 52 window COMMON
Function 00CF91DF Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50 window COMMON
Function 00CF9264 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 49 window COMMON
Function 00CF81BC Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 22 window COMMON
Function 00D25BEB Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15 window COMMON