Windows
Analysis Report
cgln32y2HF.exe
Overview
General Information
Sample name: | cgln32y2HF.exe (renamed because original name is a hash value) |
Original sample name: | 4b553069c339246833d06bdc506d9bf61010357a10ac56eb2e7ba59bbc01fd6f.exe |
Analysis ID: | 1555039 |
MD5: | 21f41d9ec4e120f5bc7d543cde6a9cee |
SHA1: | 1f0011eb8d2f01975e8291ebfe8efeccd7e44cb4 |
SHA256: | 4b553069c339246833d06bdc506d9bf61010357a10ac56eb2e7ba59bbc01fd6f |
Tags: | 94-158-244-69, exe, user-JAMESWT_MHT |
Infos: | |
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- cgln32y2HF.exe (PID: 7104 cmdline: "C:\Users\user\Desktop\cgln32y2HF.exe" MD5: 21F41D9EC4E120F5BC7D543CDE6A9CEE)
- cleanup
{"C2 url": "http://94.158.244.69/c2sock", "Build Version": "LummaC2, Build 20233101"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_LummaCStealer_1 | Yara detected LummaC Stealer | Joe Security | ||
JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
Windows_Trojan_RedLineStealer_ed346e4c | unknown | unknown | ||
JoeSecurity_LummaCStealer | Yara detected LummaC Stealer | Joe Security | ||
Windows_Trojan_Smokeloader_3687686f | unknown | unknown | ||
JoeSecurity_LummaCStealer | Yara detected LummaC Stealer | Joe Security | ||
JoeSecurity_LummaCStealer | Yara detected LummaC Stealer | Joe Security | ||
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_LummaCStealer | Yara detected LummaC Stealer | Joe Security | ||
JoeSecurity_LummaCStealer | Yara detected LummaC Stealer | Joe Security | ||
JoeSecurity_LummaCStealer | Yara detected LummaC Stealer | Joe Security | ||
JoeSecurity_LummaCStealer | Yara detected LummaC Stealer | Joe Security |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-11-13T10:51:36.232008+0100 | 2022930 | 1 | A Network Trojan was detected | 4.245.163.56 | 443 | 192.168.2.5 | 49755 | TCP |
2024-11-13T10:52:14.410644+0100 | 2022930 | 1 | A Network Trojan was detected | 4.245.163.56 | 443 | 192.168.2.5 | 49965 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-11-13T10:50:45.112747+0100 | 2043206 | 1 | A Network Trojan was detected | 192.168.2.5 | 49979 | 94.158.244.69 | 80 | TCP |
2024-11-13T10:50:45.112747+0100 | 2043206 | 1 | A Network Trojan was detected | 192.168.2.5 | 49836 | 94.158.244.69 | 80 | TCP |
2024-11-13T10:51:47.843734+0100 | 2043206 | 1 | A Network Trojan was detected | 192.168.2.5 | 49788 | 94.158.244.69 | 80 | TCP |
2024-11-13T10:52:05.903144+0100 | 2043206 | 1 | A Network Trojan was detected | 192.168.2.5 | 49880 | 94.158.244.69 | 80 | TCP |
2024-11-13T10:52:14.894678+0100 | 2043206 | 1 | A Network Trojan was detected | 192.168.2.5 | 49929 | 94.158.244.69 | 80 | TCP |
2024-11-13T10:52:23.675839+0100 | 2043206 | 1 | A Network Trojan was detected | 192.168.2.5 | 49978 | 94.158.244.69 | 80 | TCP |
2024-11-13T10:52:41.586763+0100 | 2043206 | 1 | A Network Trojan was detected | 192.168.2.5 | 49980 | 94.158.244.69 | 80 | TCP |
2024-11-13T10:52:42.381649+0100 | 2043206 | 1 | A Network Trojan was detected | 192.168.2.5 | 49982 | 94.158.244.69 | 80 | TCP |
2024-11-13T10:52:59.612142+0100 | 2043206 | 1 | A Network Trojan was detected | 192.168.2.5 | 49983 | 94.158.244.69 | 80 | TCP |
2024-11-13T10:53:08.398262+0100 | 2043206 | 1 | A Network Trojan was detected | 192.168.2.5 | 49984 | 94.158.244.69 | 80 | TCP |
2024-11-13T10:53:17.308529+0100 | 2043206 | 1 | A Network Trojan was detected | 192.168.2.5 | 49985 | 94.158.244.69 | 80 | TCP |
2024-11-13T10:53:26.119013+0100 | 2043206 | 1 | A Network Trojan was detected | 192.168.2.5 | 49986 | 94.158.244.69 | 80 | TCP |
2024-11-13T10:53:35.006309+0100 | 2043206 | 1 | A Network Trojan was detected | 192.168.2.5 | 49987 | 94.158.244.69 | 80 | TCP |
2024-11-13T10:53:43.823782+0100 | 2043206 | 1 | A Network Trojan was detected | 192.168.2.5 | 49988 | 94.158.244.69 | 80 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-11-13T10:52:42.381649+0100 | 2843864 | 1 | A Network Trojan was detected | 192.168.2.5 | 49982 | 94.158.244.69 | 80 | TCP |
AV Detection |
---|
Source: | Malware Configuration Extractor: |
Source: | ReversingLabs: |
Source: | Integrated Neural Analysis Model: |
Source: | Joe Sandbox ML: |
Source: | Code function: | 0_2_004052D9 |
Compliance |
---|
Source: | Unpacked PE file: |
Source: | Static PE information: |
Source: | File opened: | Jump to behavior |
Source: | Code function: | 0_2_00451F08 | |
Source: | Code function: | 0_2_00451FBC | |
Source: | Code function: | 0_2_02382223 | |
Source: | Code function: | 0_2_0238216F |
Networking |
---|
Source: | Suricata IDS: | ||
Source: | URLs: |
Source: | IP Address: |
Source: | ASN Name: |
Source: | Suricata IDS: | ||
Source: | Suricata IDS: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: | ||
System Summary |
---|
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Process Stats: |
Source: | Process token adjusted: | Jump to behavior |
Source: | Static PE information: |
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Classification label: |
Source: | Code function: | 0_2_0079A16E |
Source: | Static PE information: |
Source: | System information queried: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Binary or memory string: |
Source: | ReversingLabs: |
Source: | Section loaded: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Data Obfuscation |
---|
Source: | Unpacked PE file: |
Source: | Unpacked PE file: |
Source: | Code function: | 0_2_00464079 | |
Source: | Code function: | 0_2_00463CB6 | |
Source: | Code function: | 0_2_00403D71 | |
Source: | Code function: | 0_2_0045277B | |
Source: | Code function: | 0_2_023829E2 | |
Source: | Code function: | 0_2_02333FD8 |
Malware Analysis System Evasion |
---|
Source: | Code function: | 0_2_00401FF9 | |
Source: | Code function: | 0_2_00401FF9 | |
Source: | Code function: | 0_2_02332260 |
Source: | Evasive API call chain: | graph_0-74025 |
Source: | Evasive API call chain: | graph_0-74122 | ||
Source: | Evasive API call chain: | graph_0-74122 |
Source: | System information queried: | Jump to behavior |
Source: | Code function: | 0_2_00429EF7 |
Source: | Code function: | 0_2_0041F9A4 |
Source: | Evasive API call chain: | graph_0-74135 |
Source: | Evasive API call chain: | graph_0-74069 | ||
Source: | Evasive API call chain: | graph_0-74076 | ||
Source: | Evasive API call chain: | graph_0-74076 | ||
Source: | Evasive API call chain: | graph_0-74069 |
Source: | System information queried: | Jump to behavior |
Source: | Thread injection, dropped files, key value created, disk infection and DNS query: |
Source: | Code function: | 0_2_00451F08 | |
Source: | Code function: | 0_2_00451FBC | |
Source: | Code function: | 0_2_02382223 | |
Source: | Code function: | 0_2_0238216F |
Source: | Binary or memory string: | ||
Source: | API call chain: | graph_0-74015 |
Anti Debugging |
---|
Source: | Code function: | 0_2_004244E4 |
Source: | Debugger detection routine: | graph_0-74101 |
Source: | Process Stats: |
Source: | Thread information set: | Jump to behavior |
Source: | System information queried: | Jump to behavior |
Source: | Process queried: | Jump to behavior | ||
Source: | Process queried: | Jump to behavior | ||
Source: | Process queried: | Jump to behavior |
Source: | Code function: | 0_2_00429EF7 |
Source: | Code function: | 0_2_0044E33B |
Source: | Code function: | 0_2_0041F9A4 |
Source: | Code function: | 0_2_0043323B |
Source: | Thread injection, dropped files, key value created, disk infection and DNS query: |
Source: | Code function: | 0_2_0044E33B | |
Source: | Code function: | 0_2_0043D3A0 | |
Source: | Code function: | 0_2_0043CE89 | |
Source: | Code function: | 0_2_0043CE95 | |
Source: | Code function: | 0_2_0236D0F0 | |
Source: | Code function: | 0_2_0236D0FC | |
Source: | Code function: | 0_2_0236D607 | |
Source: | Code function: | 0_2_0237E5A2 |
Source: | Code function: | 0_2_0043D0B8 |
Source: | Code function: | 0_2_0044614F |
Source: | Code function: | 0_2_00402476 |
Source: | Code function: | 0_2_00453BC4 |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | String found in binary or memory: | ||
Source: | File opened: | Jump to behavior | ||
Source: | Directory queried: | Jump to behavior | ||
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 21 Native API | 1 LSASS Driver | 1 LSASS Driver | 421 Virtualization/Sandbox Evasion | 1 OS Credential Dumping | 12 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 561 Security Software Discovery | Remote Desktop Protocol | 31 Data from Local System | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 2 Obfuscated Files or Information | Security Account Manager | 421 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 11 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 2 Software Packing | NTDS | 2 Process Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 1 Account Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Steganography | Cached Domain Credentials | 1 System Owner/User Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 11 File and Directory Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 113 System Information Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
 | 87% | ReversingLabs | Win32.Ransomware.LockBit | |
 | 100% | Joe Sandbox ML | | |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
 | 0% | Avira URL Cloud | safe | |
 | 0% | Avira URL Cloud | safe | |
 | 0% | Avira URL Cloud | safe | |
 | 0% | Avira URL Cloud | safe | |
 | 0% | Avira URL Cloud | safe | |
 | 0% | Avira URL Cloud | safe | |
 | 0% | Avira URL Cloud | safe | |
 | 0% | Avira URL Cloud | safe | |
 | 0% | Avira URL Cloud | safe | |
 | 0% | Avira URL Cloud | safe | |
 | 0% | Avira URL Cloud | safe | |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
 | false | | high |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
 | | false | | high |
 | | false | | unknown |
 | | false | | unknown |
 | | false | | high |
 | | false | | high |
 | | false | | unknown |
 | | false | | high |
 | | false | | high |
 | | false | | high |
 | | false | | high |
 | | false | | unknown |
 | | false | | unknown |
 | | false | | high |
 | | false | | high |
 | | false | | unknown |
 | | false | | high |
 | | false | | high |
 | | false | | high |
 | | false | | high |
 | | false | | high |
 | | false | | unknown |
 | | false | | unknown |
 | | false | | unknown |
 | | false | | high |
 | | false | | unknown |
 | | false | | high |
 | | false | | unknown |
 | | false | | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
94.158.244.69 | unknown | Moldova Republic of | | 39798 | MIVOCLOUDMD | true |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1555039 |
Start date and time: | 2024-11-13 10:49:53 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 7m 10s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 4 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | cgln32y2HF.exe (renamed because original name is a hash value) |
Original Sample Name: | 4b553069c339246833d06bdc506d9bf61010357a10ac56eb2e7ba59bbc01fd6f.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@1/0@0/1 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Report size exceeded maximum capacity and may have missing disassembly code.
- Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- VT rate limit hit for: cgln32y2HF.exe
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
94.158.244.69 | | Get hash | malicious | LummaC Stealer | Browse | |
 | | Get hash | malicious | LummaC Stealer | Browse | |
 | | Get hash | malicious | LummaC Stealer | Browse | |
 | | Get hash | malicious | LummaC Stealer | Browse | |
 | | Get hash | malicious | LummaC Stealer | Browse | |
 | | Get hash | malicious | LummaC Stealer | Browse | |
 | | Get hash | malicious | LummaC Stealer | Browse | |
 | | Get hash | malicious | LummaC Stealer | Browse | |
 | | Get hash | malicious | LummaC Stealer | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
MIVOCLOUDMD | | Get hash | malicious | LummaC Stealer | Browse | |
 | | Get hash | malicious | LummaC Stealer | Browse | |
 | | Get hash | malicious | LummaC Stealer | Browse | |
 | | Get hash | malicious | LummaC Stealer | Browse | |
 | | Get hash | malicious | LummaC Stealer | Browse | |
 | | Get hash | malicious | LummaC Stealer | Browse | |
 | | Get hash | malicious | LummaC Stealer | Browse | |
 | | Get hash | malicious | LummaC Stealer | Browse | |
 | | Get hash | malicious | LummaC Stealer | Browse | |
 | | Get hash | malicious | Unknown | Browse | |
File type: | |
Entropy (8bit): | 7.574702624249325 |
TrID: |
|
File name: | cgln32y2HF.exe |
File size: | 445'952 bytes |
MD5: | 21f41d9ec4e120f5bc7d543cde6a9cee |
SHA1: | 1f0011eb8d2f01975e8291ebfe8efeccd7e44cb4 |
SHA256: | 4b553069c339246833d06bdc506d9bf61010357a10ac56eb2e7ba59bbc01fd6f |
SHA512: | 66a44c592cad04d6e03a4cc004953f51854d34a4a98ff4b1775698efe5ca5a0359b0a6abcc9604c4f9826892fe7e50ff44634a3381dc4cdad9bb161a522541c3 |
SSDEEP: | 12288:NtwJ62+DFXIrNBLzSpF6xh7wsDxW1OKyx7:N2opIxBXS36xh7wwxt |
TLSH: | 6694E01273D19871E9570A718E6AC2F86A2FF9B14F567BEB33585A2F0D302E1C672305 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......&.t.bp.Rbp.Rbp.R...Rvp.R...RLp.R...R.p.Rk..Rgp.Rbp.R.p.R...Rcp.R...Rcp.R...Rcp.RRichbp.R........................PE..L......a... |
Icon Hash: | 25250d418549973e |
Entrypoint: | 0x40b25f |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | NX_COMPAT, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x61D6E097 [Thu Jan 6 12:29:11 2022 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 1 |
File Version Major: | 5 |
File Version Minor: | 1 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 1 |
Import Hash: | d26fb7e077310f1b46c902bf26f168fa |
Instruction |
---|
call 00007F20B4DA9406h |
jmp 00007F20B4DA289Eh |
mov edi, edi |
push ebp |
mov ebp, esp |
mov eax, dword ptr [ebp+08h] |
xor ecx, ecx |
cmp eax, dword ptr [0041F240h+ecx*8] |
je 00007F20B4DA2A25h |
inc ecx |
cmp ecx, 2Dh |
jc 00007F20B4DA2A03h |
lea ecx, dword ptr [eax-13h] |
cmp ecx, 11h |
jnbe 00007F20B4DA2A20h |
push 0000000Dh |
pop eax |
pop ebp |
ret |
mov eax, dword ptr [0041F244h+ecx*8] |
pop ebp |
ret |
add eax, FFFFFF44h |
push 0000000Eh |
pop ecx |
cmp ecx, eax |
sbb eax, eax |
and eax, ecx |
add eax, 08h |
pop ebp |
ret |
call 00007F20B4DA6450h |
test eax, eax |
jne 00007F20B4DA2A18h |
mov eax, 0041F3A8h |
ret |
add eax, 08h |
ret |
call 00007F20B4DA643Dh |
test eax, eax |
jne 00007F20B4DA2A18h |
mov eax, 0041F3ACh |
ret |
add eax, 0Ch |
ret |
mov edi, edi |
push ebp |
mov ebp, esp |
push esi |
call 00007F20B4DA29F7h |
mov ecx, dword ptr [ebp+08h] |
push ecx |
mov dword ptr [eax], ecx |
call 00007F20B4DA2997h |
pop ecx |
mov esi, eax |
call 00007F20B4DA29D1h |
mov dword ptr [eax], esi |
pop esi |
pop ebp |
ret |
mov edi, edi |
push ebp |
mov ebp, esp |
sub esp, 4Ch |
mov eax, dword ptr [0041F3DCh] |
xor eax, ebp |
mov dword ptr [ebp-04h], eax |
push ebx |
xor ebx, ebx |
push esi |
mov esi, dword ptr [ebp+08h] |
push edi |
mov dword ptr [ebp-2Ch], ebx |
mov dword ptr [ebp-1Ch], ebx |
mov dword ptr [ebp-20h], ebx |
mov dword ptr [ebp-28h], ebx |
mov dword ptr [ebp-24h], ebx |
mov dword ptr [ebp-4Ch], esi |
mov dword ptr [ebp-48h], ebx |
cmp dword ptr [esi+14h], ebx |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1d924 | 0x3c | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x2e3000 | 0xb378 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x44d8 | 0x40 | .text |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x1000 | 0x1e8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x1d45c | 0x1d600 | 5d4c497de33f6864e8195520738ec3ed | False | 0.5244847074468085 | data | 6.498117631161349 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.data | 0x1f000 | 0x2c37a4 | 0x44000 | 67f4b572741264a79eb7f4ce48a4b561 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x2e3000 | 0xb378 | 0xb400 | 7873673bc5e1f62c57e83ca774cb8986 | False | 0.38374565972222224 | data | 4.341955285843472 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0x2e34f0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | Tamil | India | 0.5027075812274369 |
RT_ICON | 0x2e34f0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | Tamil | Sri Lanka | 0.5027075812274369 |
RT_ICON | 0x2e3d98 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | Tamil | India | 0.5662442396313364 |
RT_ICON | 0x2e3d98 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | Tamil | Sri Lanka | 0.5662442396313364 |
RT_ICON | 0x2e4460 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | Tamil | India | 0.5563583815028902 |
RT_ICON | 0x2e4460 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | Tamil | Sri Lanka | 0.5563583815028902 |
RT_ICON | 0x2e49c8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | Tamil | India | 0.43316135084427765 |
RT_ICON | 0x2e49c8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | Tamil | Sri Lanka | 0.43316135084427765 |
RT_ICON | 0x2e5a70 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | Tamil | India | 0.4151639344262295 |
RT_ICON | 0x2e5a70 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | Tamil | Sri Lanka | 0.4151639344262295 |
RT_ICON | 0x2e63f8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Tamil | India | 0.4512411347517731 |
RT_ICON | 0x2e63f8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Tamil | Sri Lanka | 0.4512411347517731 |
RT_ICON | 0x2e68c0 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | Tamil | India | 0.31663113006396587 |
RT_ICON | 0x2e68c0 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | Tamil | Sri Lanka | 0.31663113006396587 |
RT_ICON | 0x2e7768 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | Tamil | India | 0.3916967509025271 |
RT_ICON | 0x2e7768 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | Tamil | Sri Lanka | 0.3916967509025271 |
RT_ICON | 0x2e8010 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | Tamil | India | 0.4377880184331797 |
RT_ICON | 0x2e8010 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | Tamil | Sri Lanka | 0.4377880184331797 |
RT_ICON | 0x2e86d8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | Tamil | India | 0.4190751445086705 |
RT_ICON | 0x2e86d8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | Tamil | Sri Lanka | 0.4190751445086705 |
RT_ICON | 0x2e8c40 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | Tamil | India | 0.25570539419087135 |
RT_ICON | 0x2e8c40 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | Tamil | Sri Lanka | 0.25570539419087135 |
RT_ICON | 0x2eb1e8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | Tamil | India | 0.29080675422138835 |
RT_ICON | 0x2eb1e8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | Tamil | Sri Lanka | 0.29080675422138835 |
RT_ICON | 0x2ec290 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | Tamil | India | 0.3008196721311475 |
RT_ICON | 0x2ec290 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | Tamil | Sri Lanka | 0.3008196721311475 |
RT_ICON | 0x2ecc18 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | Tamil | India | 0.3351063829787234 |
RT_ICON | 0x2ecc18 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | Tamil | Sri Lanka | 0.3351063829787234 |
RT_STRING | 0x2ed3a8 | 0x412 | data | Tamil | India | 0.45777351247600767 |
RT_STRING | 0x2ed3a8 | 0x412 | data | Tamil | Sri Lanka | 0.45777351247600767 |
RT_STRING | 0x2ed7c0 | 0x360 | data | Tamil | India | 0.48032407407407407 |
RT_STRING | 0x2ed7c0 | 0x360 | data | Tamil | Sri Lanka | 0.48032407407407407 |
RT_STRING | 0x2edb20 | 0x25e | data | Tamil | India | 0.4834983498349835 |
RT_STRING | 0x2edb20 | 0x25e | data | Tamil | Sri Lanka | 0.4834983498349835 |
RT_STRING | 0x2edd80 | 0x5f6 | data | Tamil | India | 0.4351245085190039 |
RT_STRING | 0x2edd80 | 0x5f6 | data | Tamil | Sri Lanka | 0.4351245085190039 |
RT_ACCELERATOR | 0x2ed0f8 | 0x90 | data | Tamil | India | 0.6944444444444444 |
RT_ACCELERATOR | 0x2ed0f8 | 0x90 | data | Tamil | Sri Lanka | 0.6944444444444444 |
RT_GROUP_ICON | 0x2e6860 | 0x5a | data | Tamil | India | 0.7222222222222222 |
RT_GROUP_ICON | 0x2e6860 | 0x5a | data | Tamil | Sri Lanka | 0.7222222222222222 |
RT_GROUP_ICON | 0x2ed080 | 0x76 | data | Tamil | India | 0.6779661016949152 |
RT_GROUP_ICON | 0x2ed080 | 0x76 | data | Tamil | Sri Lanka | 0.6779661016949152 |
RT_VERSION | 0x2ed198 | 0x20c | data | | | 0.5629770992366412 |
None | 0x2ed188 | 0xa | data | Tamil | India | 1.8 |
None | 0x2ed188 | 0xa | data | Tamil | Sri Lanka | 1.8 |
DLL | Import |
---|---|
KERNEL32.dll | GetDriveTypeW, GetProfileIntW, GetConsoleAliasExesLengthA, LoadResource, InterlockedIncrement, WaitNamedPipeA, SetComputerNameW, OpenSemaphoreA, FreeEnvironmentStringsA, MoveFileWithProgressA, GetModuleHandleW, GetSystemTimeAsFileTime, EnumTimeFormatsW, SetProcessPriorityBoost, GetVolumePathNameW, GetPrivateProfileIntA, GetPrivateProfileStructW, GetSystemPowerStatus, GetCalendarInfoW, FreeConsole, GetFileAttributesW, WriteConsoleW, lstrcatA, GetShortPathNameA, EnumSystemLocalesA, DeleteFiber, SearchPathW, GetProcAddress, ResetEvent, LoadLibraryA, WriteConsoleA, GetProcessId, InterlockedExchangeAdd, OpenWaitableTimerW, LocalAlloc, SetCalendarInfoW, FindFirstVolumeMountPointW, QueryDosDeviceW, AddAtomA, SetSystemTime, GlobalWire, GetModuleFileNameA, FindNextFileA, CreateIoCompletionPort, GetModuleHandleA, FreeEnvironmentStringsW, CreateMailslotA, EnumDateFormatsW, CompareStringA, TerminateJobObject, FileTimeToLocalFileTime, GetVolumeNameForVolumeMountPointW, EnumCalendarInfoExA, EnumSystemLocalesW, AreFileApisANSI, GetLastError, GlobalFix, WideCharToMultiByte, InterlockedDecrement, InterlockedExchange, MultiByteToWideChar, EncodePointer, DecodePointer, Sleep, InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, HeapFree, HeapAlloc, HeapReAlloc, GetCommandLineA, HeapSetInformation, GetStartupInfoW, GetCPInfo, RaiseException, RtlUnwind, LCMapStringW, GetACP, GetOEMCP, IsValidCodePage, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, SetLastError, GetCurrentThreadId, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, TerminateProcess, GetCurrentProcess, IsProcessorFeaturePresent, HeapCreate, ExitProcess, WriteFile, GetStdHandle, GetModuleFileNameW, SetFilePointer, SetHandleCount, InitializeCriticalSectionAndSpinCount, GetFileType, GetEnvironmentStringsW, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetStringTypeW, GetLocaleInfoW, HeapSize, GetUserDefaultLCID, GetLocaleInfoA, IsValidLocale, GetConsoleCP, GetConsoleMode, LoadLibraryW, SetStdHandle, FlushFileBuffers, CreateFileW, CloseHandle |
GDI32.dll | GetCharABCWidthsA |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
Tamil | India | |
Tamil | Sri Lanka |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-11-13T10:50:45.112747+0100 | 2043206 | ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M2 | 1 | 192.168.2.5 | 49979 | 94.158.244.69 | 80 | TCP |
2024-11-13T10:50:45.112747+0100 | 2043206 | ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M2 | 1 | 192.168.2.5 | 49836 | 94.158.244.69 | 80 | TCP |
2024-11-13T10:51:36.232008+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 4.245.163.56 | 443 | 192.168.2.5 | 49755 | TCP |
2024-11-13T10:51:47.843734+0100 | 2043206 | ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M2 | 1 | 192.168.2.5 | 49788 | 94.158.244.69 | 80 | TCP |
2024-11-13T10:52:05.903144+0100 | 2043206 | ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M2 | 1 | 192.168.2.5 | 49880 | 94.158.244.69 | 80 | TCP |
2024-11-13T10:52:14.410644+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 4.245.163.56 | 443 | 192.168.2.5 | 49965 | TCP |
2024-11-13T10:52:14.894678+0100 | 2043206 | ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M2 | 1 | 192.168.2.5 | 49929 | 94.158.244.69 | 80 | TCP |
2024-11-13T10:52:23.675839+0100 | 2043206 | ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M2 | 1 | 192.168.2.5 | 49978 | 94.158.244.69 | 80 | TCP |
2024-11-13T10:52:41.586763+0100 | 2043206 | ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M2 | 1 | 192.168.2.5 | 49980 | 94.158.244.69 | 80 | TCP |
2024-11-13T10:52:42.381649+0100 | 2043206 | ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M2 | 1 | 192.168.2.5 | 49982 | 94.158.244.69 | 80 | TCP |
2024-11-13T10:52:42.381649+0100 | 2843864 | ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2 | 1 | 192.168.2.5 | 49982 | 94.158.244.69 | 80 | TCP |
2024-11-13T10:52:59.612142+0100 | 2043206 | ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M2 | 1 | 192.168.2.5 | 49983 | 94.158.244.69 | 80 | TCP |
2024-11-13T10:53:08.398262+0100 | 2043206 | ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M2 | 1 | 192.168.2.5 | 49984 | 94.158.244.69 | 80 | TCP |
2024-11-13T10:53:17.308529+0100 | 2043206 | ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M2 | 1 | 192.168.2.5 | 49985 | 94.158.244.69 | 80 | TCP |
2024-11-13T10:53:26.119013+0100 | 2043206 | ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M2 | 1 | 192.168.2.5 | 49986 | 94.158.244.69 | 80 | TCP |
2024-11-13T10:53:35.006309+0100 | 2043206 | ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M2 | 1 | 192.168.2.5 | 49987 | 94.158.244.69 | 80 | TCP |
2024-11-13T10:53:43.823782+0100 | 2043206 | ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M2 | 1 | 192.168.2.5 | 49988 | 94.158.244.69 | 80 | TCP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Nov 13, 2024 10:52:42.781924009 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:42.829435110 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:42.829835892 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:42.881398916 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:42.881505013 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:42.929483891 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:42.930965900 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:42.977540016 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:42.977650881 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:43.025429964 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:43.026958942 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:43.073404074 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:43.073956013 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:43.121391058 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:43.122961998 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:43.173378944 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:43.173451900 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:43.221402884 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:43.222047091 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:43.269583941 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:43.269736052 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:43.319179058 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:43.319295883 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:43.371085882 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:43.371203899 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:43.417423010 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:43.417609930 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:43.465411901 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:43.465605021 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:43.513331890 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:43.513447046 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:43.561476946 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:43.561600924 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:43.609571934 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:43.609791994 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:43.661410093 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:43.661617994 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:43.709336996 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:43.709444046 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:43.757522106 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:43.757594109 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:43.805545092 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:43.805613995 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:43.853483915 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:43.853600025 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:43.901437998 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:43.901527882 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:43.949389935 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:43.949471951 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:43.997513056 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:43.997638941 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:44.045397997 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:44.045571089 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:44.097409964 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:44.097487926 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:44.149435043 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:44.149513006 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:44.197403908 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:44.197488070 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:44.245369911 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:44.245426893 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:44.297384977 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:44.297480106 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:44.345473051 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:44.345523119 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:44.394195080 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:44.394263983 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:44.441359997 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:44.441482067 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:44.497085094 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:44.497353077 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:44.545363903 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:44.545471907 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:44.593431950 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:44.593552113 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:44.641417027 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:44.641522884 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:44.689505100 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:44.689630985 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:44.741488934 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:44.741564989 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:44.789509058 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:44.789589882 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:44.837419033 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:44.837533951 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:44.885366917 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:44.885423899 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:44.933386087 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:44.933463097 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:44.981489897 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:44.981573105 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:45.029388905 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:45.029532909 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:45.077519894 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:45.077644110 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:45.129403114 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:45.129525900 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:45.177376986 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:45.177445889 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:45.225357056 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:45.225447893 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:45.273396015 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:45.273504972 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:45.321368933 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:45.321500063 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:45.373404980 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:45.373538971 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:45.425357103 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:45.425479889 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:45.473448992 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:45.473501921 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:45.521507978 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:45.521564007 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:45.569453955 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:45.569572926 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:45.617527008 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:45.617614031 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:45.669605017 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:45.669857979 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:45.721600056 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:45.721848965 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:45.773380041 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:45.773499966 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:45.821448088 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:45.821589947 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:45.873347044 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:45.873475075 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:45.921366930 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:45.921483994 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:45.973498106 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:45.973721027 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:46.021399975 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:46.021517992 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:46.069427967 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:46.069488049 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:46.117350101 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:46.117415905 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:46.165432930 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:46.165620089 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:46.213418007 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:46.213530064 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:46.261297941 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:46.261377096 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:46.309309006 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:46.309410095 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:46.357428074 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:46.357588053 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:46.405406952 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:46.405535936 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:46.453466892 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:46.453527927 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:46.501436949 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:46.501673937 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:46.549660921 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:46.549814939 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:46.597414970 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:46.597486019 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:46.645354986 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:46.645447969 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:46.693417072 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:46.693474054 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:46.741357088 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:46.741415024 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:46.789383888 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:46.789459944 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:46.837456942 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:46.837569952 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:46.885440111 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:46.885504961 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:46.933420897 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:46.933537006 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:46.981877089 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:46.981973886 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:47.029464006 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:47.029620886 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:47.077583075 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:47.077811003 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:47.125605106 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:47.125830889 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:47.173397064 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:47.173578024 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:47.221481085 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:47.223071098 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:47.273484945 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:47.273694992 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:47.321567059 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:47.321657896 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:47.373553038 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:47.373698950 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:47.425539017 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:47.425698996 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:47.473624945 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:47.473685980 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:47.521537066 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:47.521677971 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:47.573404074 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:47.573581934 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:47.625854969 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:47.625993013 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:47.677336931 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:47.677584887 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:47.729469061 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:47.731216908 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:48.005213976 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:48.007041931 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:48.012015104 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:48.014206886 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:48.061463118 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:48.063066006 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:48.109416962 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:48.109574080 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:48.161314964 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:48.161452055 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:48.209384918 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:48.209512949 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:48.261499882 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:48.261725903 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:48.309401989 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:48.309505939 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:48.357465982 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:48.357583046 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:48.409419060 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:48.409660101 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:48.457403898 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:48.457464933 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:48.505527020 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:48.505614042 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:48.553423882 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:48.553495884 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:48.601419926 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:48.601475954 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:48.649415016 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:48.649565935 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:48.699333906 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:48.699501991 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:48.749481916 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:48.749633074 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:48.797408104 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:48.797558069 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:48.849512100 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:48.849658012 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:48.898266077 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:48.898364067 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:48.950020075 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:48.950165987 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:49.001996994 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:49.002129078 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:49.049474001 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:49.049633026 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:49.097728968 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:49.097878933 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:49.145412922 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:49.145503044 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:49.193536043 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:49.193614006 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:49.241390944 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:49.241481066 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:49.289360046 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:49.289603949 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:49.341531038 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:49.341674089 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:49.393491983 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:49.393630981 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:49.441369057 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:49.441450119 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:49.493804932 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:49.493938923 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:49.541990042 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:49.542104006 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:49.594199896 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:49.594288111 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:49.641509056 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:49.641710997 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:49.689591885 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:49.689783096 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:49.737443924 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:49.737533092 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:49.785394907 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:49.785451889 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:49.833369970 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:49.833492041 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:49.881489038 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:49.881546021 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:49.929375887 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:49.929471970 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:49.978209972 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:49.978456020 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:50.025631905 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:50.025872946 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:50.077433109 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:50.077516079 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:50.125416994 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:50.125521898 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:50.173444033 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:50.173533916 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:50.225471973 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:50.225569963 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:50.277439117 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:50.277493954 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:50.329639912 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:50.329713106 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:50.381556988 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:50.381661892 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:50.429572105 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:50.429663897 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:50.481463909 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:50.481698036 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:50.529377937 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:50.529609919 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:50.577440023 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:50.577640057 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:50.629376888 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:50.629556894 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:50.677493095 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:50.677736044 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:50.729629993 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:50.729788065 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:50.777587891 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:50.777708054 CET | 49982 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:50.810826063 CET | 80 | 49982 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:51.122725964 CET | 49983 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:51.128950119 CET | 80 | 49983 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:51.129143000 CET | 49983 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:51.129193068 CET | 49983 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:51.129554987 CET | 49983 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:51.134027004 CET | 80 | 49983 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:51.134380102 CET | 80 | 49983 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:59.611995935 CET | 80 | 49983 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:59.612142086 CET | 49983 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:59.612231016 CET | 49983 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:59.617177010 CET | 80 | 49983 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:59.906548977 CET | 49984 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:59.911437988 CET | 80 | 49984 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:59.911680937 CET | 49984 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:59.911824942 CET | 49984 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:59.912281990 CET | 49984 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:52:59.916625977 CET | 80 | 49984 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:52:59.917211056 CET | 80 | 49984 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:53:08.398130894 CET | 80 | 49984 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:53:08.398262024 CET | 49984 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:53:08.398365021 CET | 49984 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:53:08.405067921 CET | 80 | 49984 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:53:08.826884985 CET | 49985 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:53:08.831962109 CET | 80 | 49985 | 94.158.244.69 | 192.168.2.5 |
Nov 13, 2024 10:53:08.832578897 CET | 49985 | 80 | 192.168.2.5 | 94.158.244.69 |
Nov 13, 2024 10:53:08.832735062 CET | 49985 | 80 | 192.168.2.5 | 94.158.244.69 |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49788 | 94.158.244.69 | 80 | 7104 | C:\Users\user\Desktop\cgln32y2HF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 13, 2024 10:51:39.363364935 CET | 190 | OUT | |
Nov 13, 2024 10:51:39.363765001 CET | 11124 | OUT | |
Nov 13, 2024 10:51:39.368891001 CET | 1236 | OUT | |
Nov 13, 2024 10:51:39.369379044 CET | 4095 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.5 | 49836 | 94.158.244.69 | 80 | 7104 | C:\Users\user\Desktop\cgln32y2HF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 13, 2024 10:51:48.387343884 CET | 190 | OUT | |
Nov 13, 2024 10:51:48.387384892 CET | 11124 | OUT | |
Nov 13, 2024 10:51:48.392249107 CET | 6180 | OUT | |
Nov 13, 2024 10:51:48.392323017 CET | 1712 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.5 | 49880 | 94.158.244.69 | 80 | 7104 | C:\Users\user\Desktop\cgln32y2HF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 13, 2024 10:51:57.428078890 CET | 188 | OUT | |
Nov 13, 2024 10:51:57.428469896 CET | 440 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.5 | 49929 | 94.158.244.69 | 80 | 7104 | C:\Users\user\Desktop\cgln32y2HF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 13, 2024 10:52:06.415471077 CET | 188 | OUT | |
Nov 13, 2024 10:52:06.415994883 CET | 440 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.5 | 49978 | 94.158.244.69 | 80 | 7104 | C:\Users\user\Desktop\cgln32y2HF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 13, 2024 10:52:15.191611052 CET | 188 | OUT | |
Nov 13, 2024 10:52:15.191987038 CET | 440 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.5 | 49979 | 94.158.244.69 | 80 | 7104 | C:\Users\user\Desktop\cgln32y2HF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 13, 2024 10:52:24.187668085 CET | 190 | OUT | |
Nov 13, 2024 10:52:24.187920094 CET | 11124 | OUT | |
Nov 13, 2024 10:52:24.192631006 CET | 1236 | OUT | |
Nov 13, 2024 10:52:24.193008900 CET | 2472 | OUT | |
Nov 13, 2024 10:52:24.193042040 CET | 2472 | OUT | |
Nov 13, 2024 10:52:24.193082094 CET | 2472 | OUT | |
Nov 13, 2024 10:52:24.193310022 CET | 724 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.5 | 49980 | 94.158.244.69 | 80 | 7104 | C:\Users\user\Desktop\cgln32y2HF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 13, 2024 10:52:33.111166000 CET | 189 | OUT | |
Nov 13, 2024 10:52:33.111530066 CET | 1135 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.5 | 49982 | 94.158.244.69 | 80 | 7104 | C:\Users\user\Desktop\cgln32y2HF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 13, 2024 10:52:42.327802896 CET | 191 | OUT | |
Nov 13, 2024 10:52:42.328429937 CET | 11124 | OUT | |
Nov 13, 2024 10:52:42.332973957 CET | 1236 | OUT | |
Nov 13, 2024 10:52:42.333410025 CET | 7416 | OUT | |
Nov 13, 2024 10:52:42.333452940 CET | 9888 | OUT | |
Nov 13, 2024 10:52:42.333494902 CET | 2472 | OUT | |
Nov 13, 2024 10:52:42.333532095 CET | 1236 | OUT | |
Nov 13, 2024 10:52:42.338093042 CET | 1236 | OUT | |
Nov 13, 2024 10:52:42.338601112 CET | 4944 | OUT | |
Nov 13, 2024 10:52:42.339216948 CET | 2472 | OUT | |
Nov 13, 2024 10:52:42.381649017 CET | 25956 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.5 | 49983 | 94.158.244.69 | 80 | 7104 | C:\Users\user\Desktop\cgln32y2HF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 13, 2024 10:52:51.129193068 CET | 188 | OUT | |
Nov 13, 2024 10:52:51.129554987 CET | 440 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
9 | 192.168.2.5 | 49984 | 94.158.244.69 | 80 | 7104 | C:\Users\user\Desktop\cgln32y2HF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 13, 2024 10:52:59.911824942 CET | 188 | OUT | |
Nov 13, 2024 10:52:59.912281990 CET | 440 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
10 | 192.168.2.5 | 49985 | 94.158.244.69 | 80 | 7104 | C:\Users\user\Desktop\cgln32y2HF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 13, 2024 10:53:08.832735062 CET | 188 | OUT | |
Nov 13, 2024 10:53:08.833134890 CET | 440 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
11 | 192.168.2.5 | 49986 | 94.158.244.69 | 80 | 7104 | C:\Users\user\Desktop\cgln32y2HF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 13, 2024 10:53:17.613392115 CET | 188 | OUT | |
Nov 13, 2024 10:53:17.613775015 CET | 440 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
12 | 192.168.2.5 | 49987 | 94.158.244.69 | 80 | 7104 | C:\Users\user\Desktop\cgln32y2HF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 13, 2024 10:53:26.416662931 CET | 188 | OUT | |
Nov 13, 2024 10:53:26.417109013 CET | 440 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
13 | 192.168.2.5 | 49988 | 94.158.244.69 | 80 | 7104 | C:\Users\user\Desktop\cgln32y2HF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 13, 2024 10:53:35.337399960 CET | 188 | OUT | |
Nov 13, 2024 10:53:35.337399960 CET | 440 | OUT |
Target ID: | 0 |
Start time: | 04:50:49 |
Start date: | 13/11/2024 |
Path: | C:\Users\user\Desktop\cgln32y2HF.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 445'952 bytes |
MD5 hash: | 21F41D9EC4E120F5BC7D543CDE6A9CEE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | false |
Execution Graph
Execution Coverage: | 3.9% |
Dynamic/Decrypted Code Coverage: | 11.1% |
Signature Coverage: | 51.5% |
Total number of Nodes: | 787 |
Total number of Limit Nodes: | 26 |