Edit tour
Windows
Analysis Report
order and drawings_pdf.exe
Overview
General Information
| Sample name: | order and drawings_pdf.exe |
| Analysis ID: | 1559214 |
| MD5: | 4726039e5f4d03f6f3f9cc0cd8d423a1 |
| SHA1: | 3dc80b737f67481eb0385b2a25058309c7a63989 |
| SHA256: | 9970fc1f94630a822d109fd53bcb3fe1ed51bd5359007e3e4f570c0f85f3a040 |
| Tags: | AgentTeslaexeuser-lowmal3 |
| Infos: |  |
 | |
Detection
AgentTesla
| Score: | 100 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AgentTesla
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Connects to many ports of the same IP (likely port scanning)
Contains functionality to log keystrokes (.Net Source)
Initial sample is a PE file and has a suspicious name
Installs a global keyboard hook
Machine Learning detection for sample
Maps a DLL or memory area into another process
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found evaded block containing many API calls
Found evasive API chain (date check)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
OS version to string mapping found (often used in BOTs)
Potential key logger detected (key state polling based)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses FTP
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match
Classification
- System is w10x64
order and drawings_pdf.exe (PID: 7292 cmdline: "C:\Users\ user\Deskt op\order a nd drawing s_pdf.exe" MD5: 4726039E5F4D03F6F3F9CC0CD8D423A1) 
RegSvcs.exe (PID: 7360 cmdline: "C:\Users\ user\Deskt op\order a nd drawing s_pdf.exe" MD5: 9D352BC46709F0CB5EC974633A0C3C94)
- cleanup
| Name | Description | Attribution | Blogpost URLs | Link |
|---|---|---|---|---|
| Agent Tesla, AgentTesla | A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel. |
{"Exfil Mode": "FTP", "Host": "ftp://ftp.gizemetiket.com.tr", "Username": "pgizemM6", "Password": "giz95Ffg"}| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
| JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
| INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID | Detects executables referencing Windows vault credential objects. Observed in infostealers | ditekSHen |
| |
| MALWARE_Win_AgentTeslaV2 | AgenetTesla Type 2 Keylogger payload | ditekSHen |
| |
| JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
| Click to see the 8 entries | ||||
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
| JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
| INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID | Detects executables referencing Windows vault credential objects. Observed in infostealers | ditekSHen |
| |
| MALWARE_Win_AgentTeslaV2 | AgenetTesla Type 2 Keylogger payload | ditekSHen |
| |
| JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
| Click to see the 7 entries | ||||
⊘No Sigma rule has matched
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-11-20T10:15:08.237196+0100 | 2029927 | 1 | A Network Trojan was detected | 192.168.2.5 | 49705 | 93.89.225.40 | 21 | TCP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-11-20T10:15:08.466736+0100 | 2855542 | 1 | A Network Trojan was detected | 192.168.2.5 | 49706 | 93.89.225.40 | 54896 | TCP |
| 2024-11-20T10:15:08.742494+0100 | 2855542 | 1 | A Network Trojan was detected | 192.168.2.5 | 49706 | 93.89.225.40 | 54896 | TCP |
Click to jump to signature section
Show All Signature Results
AV Detection |   |
|---|
| Source: | Malware Configuration Extractor: | ||
| Source: | ReversingLabs: | ||
| Source: | Integrated Neural Analysis Model: | ||
| Source: | Joe Sandbox ML: | ||
| Source: | Static PE information: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Code function: | 0_2_00666CA9 | |
| Source: | Code function: | 0_2_006660DD | |
| Source: | Code function: | 0_2_006663F9 | |
| Source: | Code function: | 0_2_0066EB60 | |
| Source: | Code function: | 0_2_0066F56F | |
| Source: | Code function: | 0_2_0066F5FA | |
| Source: | Code function: | 0_2_00671B2F | |
| Source: | Code function: | 0_2_00671C8A | |
| Source: | Code function: | 0_2_00671F94 | |
Networking | |
|---|
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | IP Address: | ||
| Source: | IP Address: | ||
| Source: | IP Address: | ||
| Source: | JA3 fingerprint: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | FTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | Code function: | 0_2_00674EB5 | |
| Source: | HTTP traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
Key, Mouse, Clipboard, Microphone and Screen Capturing | |
|---|
| Source: | .Net Code: | ||
| Source: | Windows user hook set: | Jump to behavior | ||
| Source: | Code function: | 0_2_00676B0C | |
| Source: | Code function: | 0_2_00676D07 | |
| Source: | Code function: | 0_2_00676B0C | |
| Source: | Code function: | 0_2_00662B37 | |
| Source: | Window created: | Jump to behavior | ||
| Source: | Code function: | 0_2_0068F7FF | |
System Summary | |
|---|
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Code function: | 0_2_00623D19 | |
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | memstr_21a34f52-0 | |
| Source: | String found in binary or memory: | memstr_77515b17-b | |
| Source: | String found in binary or memory: | memstr_faa506b8-5 | |
| Source: | String found in binary or memory: | memstr_39e71129-9 | |
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Code function: | 0_2_00666606 | |
| Source: | Code function: | 0_2_0065ACC5 | |
| Source: | Code function: | 0_2_006679D3 | |
| Source: | Code function: | 0_2_0064B043 | |
| Source: | Code function: | 0_2_00633200 | |
| Source: | Code function: | 0_2_00633B70 | |
| Source: | Code function: | 0_2_0065410F | |
| Source: | Code function: | 0_2_006402A4 | |
| Source: | Code function: | 0_2_0062E3B0 | |
| Source: | Code function: | 0_2_0065038E | |
| Source: | Code function: | 0_2_0065467F | |
| Source: | Code function: | 0_2_006406D9 | |
| Source: | Code function: | 0_2_0068AACE | |
| Source: | Code function: | 0_2_00654BEF | |
| Source: | Code function: | 0_2_0064CCC1 | |
| Source: | Code function: | 0_2_0062AF50 | |
| Source: | Code function: | 0_2_00626F07 | |
| Source: | Code function: | 0_2_0063B11F | |
| Source: | Code function: | 0_2_006831BC | |
| Source: | Code function: | 0_2_0064D1B9 | |
| Source: | Code function: | 0_2_0065724D | |
| Source: | Code function: | 0_2_0064123A | |
| Source: | Code function: | 0_2_006293F0 | |
| Source: | Code function: | 0_2_006613CA | |
| Source: | Code function: | 0_2_0063F563 | |
| Source: | Code function: | 0_2_006296C0 | |
| Source: | Code function: | 0_2_0066B6CC | |
| Source: | Code function: | 0_2_0068F7FF | |
| Source: | Code function: | 0_2_006277B0 | |
| Source: | Code function: | 0_2_006579C9 | |
| Source: | Code function: | 0_2_0063FA57 | |
| Source: | Code function: | 0_2_00629B60 | |
| Source: | Code function: | 0_2_00627D19 | |
| Source: | Code function: | 0_2_0063FE6F | |
| Source: | Code function: | 0_2_00649ED0 | |
| Source: | Code function: | 0_2_00627FA3 | |
| Source: | Code function: | 0_2_00CAC540 | |
| Source: | Code function: | 2_2_0093E0E8 | |
| Source: | Code function: | 2_2_0093A210 | |
| Source: | Code function: | 2_2_0093AAA0 | |
| Source: | Code function: | 2_2_00934A58 | |
| Source: | Code function: | 2_2_0093DC60 | |
| Source: | Code function: | 2_2_00933E40 | |
| Source: | Code function: | 2_2_00934188 | |
| Source: | Code function: | 2_2_05E655C0 | |
| Source: | Code function: | 2_2_05E665D0 | |
| Source: | Code function: | 2_2_05E67D60 | |
| Source: | Code function: | 2_2_05E62398 | |
| Source: | Code function: | 2_2_05E6B220 | |
| Source: | Code function: | 2_2_05E65CC8 | |
| Source: | Code function: | 2_2_05E67680 | |
| Source: | Code function: | 2_2_05E60040 | |
| Source: | Code function: | 2_2_05E6E390 | |
| Source: | Code function: | 2_2_05F51402 | |
| Source: | Code function: | 2_2_05F51408 | |
| Source: | Code function: | 2_2_05E60006 | |
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Static PE information: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Cryptographic APIs: | ||
| Source: | Cryptographic APIs: | ||
| Source: | Cryptographic APIs: | ||
| Source: | Cryptographic APIs: | ||
| Source: | Cryptographic APIs: | ||
| Source: | Cryptographic APIs: | ||
| Source: | Cryptographic APIs: | ||
| Source: | Cryptographic APIs: | ||
| Source: | Classification label: | ||
| Source: | Code function: | 0_2_0066CE7A | |
| Source: | Code function: | 0_2_0065AB84 | |
| Source: | Code function: | 0_2_0065B134 | |
| Source: | Code function: | 0_2_0066E1FD | |
| Source: | Code function: | 0_2_00666532 | |
| Source: | Code function: | 0_2_0067C18C | |
| Source: | Code function: | 0_2_0062406B | |
| Source: | Mutant created: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | ReversingLabs: | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Window detected: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Static file information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Code function: | 0_2_0063E01E | |
| Source: | Code function: | 0_2_006A240B | |
| Source: | Code function: | 0_2_006A2413 | |
| Source: | Code function: | 0_2_006328E1 | |
| Source: | Code function: | 0_2_00646B18 | |
| Source: | Code function: | 0_2_006AB9DA | |
| Source: | Code function: | 0_2_006AB98A | |
| Source: | Code function: | 2_2_00930C7A | |
| Source: | Code function: | 2_2_05F5AED0 | |
| Source: | Code function: | 0_2_00688111 | |
| Source: | Code function: | 0_2_0063EB42 | |
| Source: | Code function: | 0_2_0064123A | |
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion | |
|---|
| Source: | WMI Queries: | ||
| Source: | API/Special instruction interceptor: | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Evaded block: | graph_0-94385 | ||
| Source: | Evasive API call chain: | graph_0-95097 | ||
| Source: | API coverage: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | Code function: | 0_2_00666CA9 | |
| Source: | Code function: | 0_2_006660DD | |
| Source: | Code function: | 0_2_006663F9 | |
| Source: | Code function: | 0_2_0066EB60 | |
| Source: | Code function: | 0_2_0066F56F | |
| Source: | Code function: | 0_2_0066F5FA | |
| Source: | Code function: | 0_2_00671B2F | |
| Source: | Code function: | 0_2_00671C8A | |
| Source: | Code function: | 0_2_00671F94 | |
| Source: | Code function: | 0_2_0063DDC0 | |
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | API call chain: | graph_0-94679 | ||
| Source: | API call chain: | graph_0-93380 | ||
| Source: | Code function: | 0_2_00676AAF | |
| Source: | Code function: | 0_2_00623D19 | |
| Source: | Code function: | 0_2_00653920 | |
| Source: | Code function: | 0_2_0063E01E | |
| Source: | Code function: | 0_2_00CAC3D0 | |
| Source: | Code function: | 0_2_00CAC430 | |
| Source: | Code function: | 0_2_00CAADC0 | |
| Source: | Code function: | 0_2_0065A66C | |
| Source: | Code function: | 0_2_006481AC | |
| Source: | Code function: | 0_2_00648189 | |
| Source: | Memory allocated: | Jump to behavior | ||
HIPS / PFW / Operating System Protection Evasion | |
|---|
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | Code function: | 0_2_0065B106 | |
| Source: | Code function: | 0_2_00623D19 | |
| Source: | Code function: | 0_2_0066411C | |
| Source: | Code function: | 0_2_006674E7 | |
| Source: | Process created: | Jump to behavior | ||
| Source: | Code function: | 0_2_0065A66C | |
| Source: | Code function: | 0_2_006671FA | |
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Code function: | 0_2_006465C4 | |
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Code function: | 0_2_0067091D | |
| Source: | Code function: | 0_2_0069B340 | |
| Source: | Code function: | 0_2_00651E8E | |
| Source: | Code function: | 0_2_0063DDC0 | |
| Source: | Key value queried: | Jump to behavior | ||
Stealing of Sensitive Information | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
Remote Access Functionality | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | Code function: | 0_2_00678C4F | |
| Source: | Code function: | 0_2_0067923B | |
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | 2 Valid Accounts | 121 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 11 Disable or Modify Tools | 2 OS Credential Dumping | 2 System Time Discovery | Remote Services | 11 Archive Collected Data | 2 Ingress Tool Transfer | 1 Exfiltration Over Alternative Protocol | 1 System Shutdown/Reboot |
| Credentials | Domains | Default Accounts | 3 Native API | 2 Valid Accounts | 1 DLL Side-Loading | 11 Deobfuscate/Decode Files or Information | 221 Input Capture | 1 Account Discovery | Remote Desktop Protocol | 2 Data from Local System | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 2 Valid Accounts | 2 Obfuscated Files or Information | 1 Credentials in Registry | 2 File and Directory Discovery | SMB/Windows Admin Shares | 1 Email Collection | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 21 Access Token Manipulation | 1 DLL Side-Loading | NTDS | 138 System Information Discovery | Distributed Component Object Model | 221 Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 212 Process Injection | 2 Valid Accounts | LSA Secrets | 241 Security Software Discovery | SSH | 4 Clipboard Data | 23 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 121 Virtualization/Sandbox Evasion | Cached Domain Credentials | 121 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 21 Access Token Manipulation | DCSync | 2 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 212 Process Injection | Proc Filesystem | 11 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | HTML Smuggling | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
| IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | Dynamic API Resolution | Network Sniffing | 1 System Network Configuration Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 53% | ReversingLabs | Win32.Trojan.AutoitInject | ||
| 100% | Joe Sandbox ML |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| api.ipify.org | 104.26.12.205 | true | false | high | |
| ftp.gizemetiket.com.tr | 93.89.225.40 | true | false | high |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| false | high |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 104.26.12.205 | api.ipify.org | United States | 13335 | CLOUDFLARENETUS | false | |
| 93.89.225.40 | ftp.gizemetiket.com.tr | Turkey | 51557 | TR-FBSTR | false |
| Joe Sandbox version: | 41.0.0 Charoite |
| Analysis ID: | 1559214 |
| Start date and time: | 2024-11-20 10:14:08 +01:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 8m 29s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 5 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | order and drawings_pdf.exe |
| Detection: | MAL |
| Classification: | mal100.troj.spyw.evad.winEXE@3/2@2/2 |
| EGA Information: |
|
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Report size exceeded maximum capacity and may have missing disassembly code.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- VT rate limit hit for: order and drawings_pdf.exe
| Time | Type | Description |
|---|---|---|
| 04:15:05 | API Interceptor |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 104.26.12.205 | Get hash | malicious | Targeted Ransomware | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Remcos | Browse |
| ||
| Get hash | malicious | Xmrig | Browse |
| ||
| Get hash | malicious | RDPWrap Tool | Browse |
| ||
| Get hash | malicious | RDPWrap Tool | Browse |
| ||
| Get hash | malicious | RDPWrap Tool | Browse |
| ||
| Get hash | malicious | RDPWrap Tool | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| 93.89.225.40 | Get hash | malicious | AgentTesla | Browse | ||
| Get hash | malicious | AgentTesla | Browse | |||
| Get hash | malicious | AgentTesla | Browse | |||
| Get hash | malicious | AgentTesla | Browse | |||
| Get hash | malicious | AgentTesla | Browse | |||
| Get hash | malicious | AgentTesla | Browse | |||
| Get hash | malicious | AgentTesla | Browse | |||
| Get hash | malicious | AgentTesla | Browse | |||
| Get hash | malicious | AgentTesla | Browse | |||
| Get hash | malicious | AgentTesla | Browse |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| ftp.gizemetiket.com.tr | Get hash | malicious | AgentTesla | Browse |
| |
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| api.ipify.org | Get hash | malicious | AgentTesla | Browse |
| |
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | EvilProxy, HTMLPhisher | Browse |
| ||
| Get hash | malicious | AgentTesla, PureLog Stealer | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | CredGrabber, Meduza Stealer | Browse |
| ||
| Get hash | malicious | CredGrabber, Meduza Stealer | Browse |
| ||
| Get hash | malicious | CredGrabber, Meduza Stealer | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| CLOUDFLARENETUS | Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| |
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | FormBook | Browse |
| ||
| Get hash | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| TR-FBSTR | Get hash | malicious | AgentTesla | Browse |
| |
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 3b5074b1b5d032e5620f69f9f700ff0e | Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| |
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Remcos | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | Cobalt Strike, AgentTesla, HTMLPhisher | Browse |
| ||
| Get hash | malicious | GuLoader | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
|
⊘No context
| Process: | C:\Users\user\Desktop\order and drawings_pdf.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 142822 |
| Entropy (8bit): | 7.7509512082493 |
| Encrypted: | false |
| SSDEEP: | 3072:zkJ8WyZF4iMaM2hBgstc9S4VMLPk25IPByB8l:AkZF4FStcHKPk254yBO |
| MD5: | 346446977B1BE469E175A27BEAA56751 |
| SHA1: | 924F59E4E852E3A33ED0F180CB2D94958D8CF749 |
| SHA-256: | C58B0DBF568F1966D8484F5E9D74058815F9BB01460EF49BC0FEF93F60EF2AE9 |
| SHA-512: | 65943C7CF815FE44A4F606998297338583AF6AB27CDC227B21B205DCED511AD760F591079EE01CE8A7E466959F8325F76C0525968F45035110892E65E36225CD |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Users\user\Desktop\order and drawings_pdf.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 239104 |
| Entropy (8bit): | 6.547601133334871 |
| Encrypted: | false |
| SSDEEP: | 6144:XfVfnz3jhvnRkIZ5AE/V36YYI/wEJdYQ7ZTL8SJ:XNfz35nRUE/V5JV/N |
| MD5: | FB4BF2907425C46297C2605C742E7B06 |
| SHA1: | 0F11CBB774834A1C06121AFFC57E072DCAB03227 |
| SHA-256: | 625FFA60FFC8D2E295D795B1BEF7F0039F9338CD0BA7AA65A069F29229FAB107 |
| SHA-512: | 67848390BF09E9F1C61A6B8C140B219A7853C4BDCFB28DD828CF8FF5EB1DF4FA9BC42E6CC0AC5BBB03C1EB2F07C697F68AAE77713D1D91CB4B1576DE2D973D1F |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| File type: | |
| Entropy (8bit): | 6.970462540382765 |
| TrID: |
|
| File name: | order and drawings_pdf.exe |
| File size: | 1'075'200 bytes |
| MD5: | 4726039e5f4d03f6f3f9cc0cd8d423a1 |
| SHA1: | 3dc80b737f67481eb0385b2a25058309c7a63989 |
| SHA256: | 9970fc1f94630a822d109fd53bcb3fe1ed51bd5359007e3e4f570c0f85f3a040 |
| SHA512: | 69487f9904d791cfe64cfeb6f7707032a843858eae747fcec5b3ca88286ce2de43e8324a9c85482c1d9353f7509ef749e7dc68775335f940e2178d8094218dd5 |
| SSDEEP: | 24576:6tb20pkaCqT5TBWgNQ7a7Na6KD3176FE6A:nVg5tQ7a7NatDZ6C5 |
| TLSH: | BA35CF1363DE8365C3B25273BA25B701BEBF782506A5F96B2FD4093DE920122521E773 |
| File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........d..............'.a.....H.k.....H.h.....H.i......}%......}5...............~.......k.......o.......1.......j.....Rich........... |
 | |
| Icon Hash: | aaf3e3e3938382a0 |
| Entrypoint: | 0x425f74 |
| Entrypoint Section: | .text |
| Digitally signed: | false |
| Imagebase: | 0x400000 |
| Subsystem: | windows gui |
| Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE |
| DLL Characteristics: | DYNAMIC_BASE, TERMINAL_SERVER_AWARE |
| Time Stamp: | 0x673CBD3F [Tue Nov 19 16:30:55 2024 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 5 |
| OS Version Minor: | 1 |
| File Version Major: | 5 |
| File Version Minor: | 1 |
| Subsystem Version Major: | 5 |
| Subsystem Version Minor: | 1 |
| Import Hash: | 3d95adbf13bbe79dc24dccb401c12091 |
| Instruction |
|---|
| call 00007FBCE543700Fh |
| jmp 00007FBCE542A024h |
| int3 |
| int3 |
| push edi |
| push esi |
| mov esi, dword ptr [esp+10h] |
| mov ecx, dword ptr [esp+14h] |
| mov edi, dword ptr [esp+0Ch] |
| mov eax, ecx |
| mov edx, ecx |
| add eax, esi |
| cmp edi, esi |
| jbe 00007FBCE542A1AAh |
| cmp edi, eax |
| jc 00007FBCE542A50Eh |
| bt dword ptr [004C0158h], 01h |
| jnc 00007FBCE542A1A9h |
| rep movsb |
| jmp 00007FBCE542A4BCh |
| cmp ecx, 00000080h |
| jc 00007FBCE542A374h |
| mov eax, edi |
| xor eax, esi |
| test eax, 0000000Fh |
| jne 00007FBCE542A1B0h |
| bt dword ptr [004BA370h], 01h |
| jc 00007FBCE542A680h |
| bt dword ptr [004C0158h], 00000000h |
| jnc 00007FBCE542A34Dh |
| test edi, 00000003h |
| jne 00007FBCE542A35Eh |
| test esi, 00000003h |
| jne 00007FBCE542A33Dh |
| bt edi, 02h |
| jnc 00007FBCE542A1AFh |
| mov eax, dword ptr [esi] |
| sub ecx, 04h |
| lea esi, dword ptr [esi+04h] |
| mov dword ptr [edi], eax |
| lea edi, dword ptr [edi+04h] |
| bt edi, 03h |
| jnc 00007FBCE542A1B3h |
| movq xmm1, qword ptr [esi] |
| sub ecx, 08h |
| lea esi, dword ptr [esi+08h] |
| movq qword ptr [edi], xmm1 |
| lea edi, dword ptr [edi+08h] |
| test esi, 00000007h |
| je 00007FBCE542A205h |
| bt esi, 03h |
| jnc 00007FBCE542A258h |
| movdqa xmm1, dqword ptr [esi+00h] |
| Programming Language: |
|
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xb7004 | 0x17c | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc4000 | 0x3d748 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x102000 | 0x6c4c | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x8d8d0 | 0x1c | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xb2730 | 0x40 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x8d000 | 0x860 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x8b54f | 0x8b600 | f437a6545e938612764dbb0a314376fc | False | 0.5699499019058296 | data | 6.680413749210956 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x8d000 | 0x2cc42 | 0x2ce00 | 827ffd24759e8e420890ecf164be989e | False | 0.330464397632312 | data | 5.770192333189168 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0xba000 | 0x9d54 | 0x6200 | e0a519f8e3a35fae0d9c2cfd5a4bacfc | False | 0.16402264030612246 | data | 2.002691099965349 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0xc4000 | 0x3d748 | 0x3d800 | d975d31db446e8a612f2957296f2eb81 | False | 0.8933284108231707 | data | 7.810497667703815 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x102000 | 0xa474 | 0xa600 | 0bc98f8631ef0bde830a7f83bb06ff08 | False | 0.5017884036144579 | data | 5.245426654116355 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0xc45a8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216 |
| RT_ICON | 0xc46d0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027 |
| RT_ICON | 0xc47f8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135 |
| RT_ICON | 0xc4920 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | Great Britain | 0.3333333333333333 |
| RT_ICON | 0xc4c08 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | Great Britain | 0.5 |
| RT_ICON | 0xc4d30 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | Great Britain | 0.2835820895522388 |
| RT_ICON | 0xc5bd8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | Great Britain | 0.37906137184115524 |
| RT_ICON | 0xc6480 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | Great Britain | 0.23699421965317918 |
| RT_ICON | 0xc69e8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | Great Britain | 0.13858921161825727 |
| RT_ICON | 0xc8f90 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | Great Britain | 0.25070356472795496 |
| RT_ICON | 0xca038 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | Great Britain | 0.3173758865248227 |
| RT_MENU | 0xca4a0 | 0x50 | data | English | Great Britain | 0.9 |
| RT_STRING | 0xca4f0 | 0x594 | data | English | Great Britain | 0.3333333333333333 |
| RT_STRING | 0xcaa84 | 0x68a | data | English | Great Britain | 0.2747909199522103 |
| RT_STRING | 0xcb110 | 0x490 | data | English | Great Britain | 0.3715753424657534 |
| RT_STRING | 0xcb5a0 | 0x5fc | data | English | Great Britain | 0.3087467362924282 |
| RT_STRING | 0xcbb9c | 0x65c | data | English | Great Britain | 0.34336609336609336 |
| RT_STRING | 0xcc1f8 | 0x466 | data | English | Great Britain | 0.3605683836589698 |
| RT_STRING | 0xcc660 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186 |
| RT_RCDATA | 0xcc7b8 | 0x34a4f | data | 1.0003524539607014 | ||
| RT_GROUP_ICON | 0x101208 | 0x76 | data | English | Great Britain | 0.6610169491525424 |
| RT_GROUP_ICON | 0x101280 | 0x14 | data | English | Great Britain | 1.25 |
| RT_GROUP_ICON | 0x101294 | 0x14 | data | English | Great Britain | 1.15 |
| RT_GROUP_ICON | 0x1012a8 | 0x14 | data | English | Great Britain | 1.25 |
| RT_VERSION | 0x1012bc | 0xdc | data | English | Great Britain | 0.6181818181818182 |
| RT_MANIFEST | 0x101398 | 0x3b0 | ASCII text, with CRLF line terminators | English | Great Britain | 0.5116525423728814 |
| DLL | Import |
|---|---|
| WSOCK32.dll | __WSAFDIsSet, recv, send, setsockopt, ntohs, recvfrom, select, WSAStartup, htons, accept, listen, bind, closesocket, connect, WSACleanup, ioctlsocket, sendto, WSAGetLastError, inet_addr, gethostbyname, gethostname, socket |
| VERSION.dll | GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW |
| WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW |
| COMCTL32.dll | ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, ImageList_Create, InitCommonControlsEx, ImageList_ReplaceIcon |
| MPR.dll | WNetUseConnectionW, WNetCancelConnection2W, WNetGetConnectionW, WNetAddConnection2W |
| WININET.dll | InternetReadFile, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, HttpOpenRequestW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetConnectW, InternetQueryDataAvailable |
| PSAPI.DLL | GetProcessMemoryInfo |
| IPHLPAPI.DLL | IcmpCreateFile, IcmpCloseHandle, IcmpSendEcho |
| USERENV.dll | UnloadUserProfile, DestroyEnvironmentBlock, CreateEnvironmentBlock, LoadUserProfileW |
| UxTheme.dll | IsThemeActive |
| KERNEL32.dll | HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetCurrentThread, FindNextFileW, MoveFileW, CopyFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, FindResourceW, LoadResource, LockResource, SizeofResource, EnumResourceNamesW, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, GetLocalTime, CompareStringW, DeleteCriticalSection, WaitForSingleObject, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, GetShortPathNameW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, SetPriorityClass, LoadLibraryW, VirtualAlloc, CloseHandle, GetLastError, GetFullPathNameW, SetCurrentDirectoryW, IsDebuggerPresent, GetCurrentDirectoryW, lstrcmpiW, RaiseException, InitializeCriticalSectionAndSpinCount, InterlockedDecrement, InterlockedIncrement, CreateThread, DuplicateHandle, EnterCriticalSection, GetCurrentProcess, ExitProcess, GetModuleHandleExW, ExitThread, GetSystemTimeAsFileTime, ResumeThread, GetCommandLineW, IsProcessorFeaturePresent, HeapSize, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, SetLastError, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetStartupInfoW, GetStringTypeW, SetStdHandle, GetFileType, GetConsoleCP, GetConsoleMode, RtlUnwind, ReadConsoleW, SetFilePointer, GetTimeZoneInformation, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetEnvironmentStringsW, FreeEnvironmentStringsW, HeapReAlloc, WriteConsoleW, SetEndOfFile, DeleteFileW, SetEnvironmentVariableA |
| USER32.dll | SetWindowPos, GetCursorInfo, RegisterHotKey, ClientToScreen, GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, MonitorFromPoint, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, DrawMenuBar, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, MonitorFromRect, LoadImageW, CreateIconFromResourceEx, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, TrackPopupMenuEx, GetCursorPos, CopyImage, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, UnregisterHotKey, keybd_event, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, ScreenToClient, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, GetMessageW, LockWindowUpdate, DispatchMessageW, TranslateMessage, DeleteMenu, PeekMessageW, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, SystemParametersInfoW, CharLowerBuffW, GetWindowTextW |
| GDI32.dll | SetPixel, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, StrokePath, GetDeviceCaps, CloseFigure, LineTo, AngleArc, CreateCompatibleBitmap, CreateCompatibleDC, MoveToEx, Ellipse, PolyDraw, BeginPath, SelectObject, StretchBlt, GetDIBits, DeleteDC, GetPixel, CreateDCW, GetStockObject, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, EndPath |
| COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW |
| ADVAPI32.dll | GetAclInformation, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegCreateKeyExW, GetUserNameW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, InitiateSystemShutdownExW, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, GetSecurityDescriptorDacl, SetSecurityDescriptorDacl, AddAce, GetAce |
| SHELL32.dll | DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW, DragFinish |
| ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket |
| OLEAUT32.dll | RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, SafeArrayDestroyDescriptor, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, UnRegisterTypeLib, SafeArrayCreateVector, SysAllocString, SysStringLen, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, OleLoadPicture, QueryPathOfRegTypeLib, VariantCopy, VariantClear, CreateDispTypeInfo, CreateStdDispatch, DispCallFunc, VariantChangeType, SafeArrayAllocDescriptorEx, VariantInit |
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | Great Britain |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-11-20T10:15:08.237196+0100 | 2029927 | ET MALWARE AgentTesla Exfil via FTP | 1 | 192.168.2.5 | 49705 | 93.89.225.40 | 21 | TCP |
| 2024-11-20T10:15:08.466736+0100 | 2855542 | ETPRO MALWARE Agent Tesla CnC Exfil Activity | 1 | 192.168.2.5 | 49706 | 93.89.225.40 | 54896 | TCP |
| 2024-11-20T10:15:08.742494+0100 | 2855542 | ETPRO MALWARE Agent Tesla CnC Exfil Activity | 1 | 192.168.2.5 | 49706 | 93.89.225.40 | 54896 | TCP |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Nov 20, 2024 10:15:04.938627005 CET | 49704 | 443 | 192.168.2.5 | 104.26.12.205 |
| Nov 20, 2024 10:15:04.938680887 CET | 443 | 49704 | 104.26.12.205 | 192.168.2.5 |
| Nov 20, 2024 10:15:04.938760996 CET | 49704 | 443 | 192.168.2.5 | 104.26.12.205 |
| Nov 20, 2024 10:15:04.945671082 CET | 49704 | 443 | 192.168.2.5 | 104.26.12.205 |
| Nov 20, 2024 10:15:04.945687056 CET | 443 | 49704 | 104.26.12.205 | 192.168.2.5 |
| Nov 20, 2024 10:15:05.415333033 CET | 443 | 49704 | 104.26.12.205 | 192.168.2.5 |
| Nov 20, 2024 10:15:05.415497065 CET | 49704 | 443 | 192.168.2.5 | 104.26.12.205 |
| Nov 20, 2024 10:15:05.419845104 CET | 49704 | 443 | 192.168.2.5 | 104.26.12.205 |
| Nov 20, 2024 10:15:05.419859886 CET | 443 | 49704 | 104.26.12.205 | 192.168.2.5 |
| Nov 20, 2024 10:15:05.420106888 CET | 443 | 49704 | 104.26.12.205 | 192.168.2.5 |
| Nov 20, 2024 10:15:05.469369888 CET | 49704 | 443 | 192.168.2.5 | 104.26.12.205 |
| Nov 20, 2024 10:15:05.515347958 CET | 443 | 49704 | 104.26.12.205 | 192.168.2.5 |
| Nov 20, 2024 10:15:05.584388971 CET | 443 | 49704 | 104.26.12.205 | 192.168.2.5 |
| Nov 20, 2024 10:15:05.584450006 CET | 443 | 49704 | 104.26.12.205 | 192.168.2.5 |
| Nov 20, 2024 10:15:05.584559917 CET | 49704 | 443 | 192.168.2.5 | 104.26.12.205 |
| Nov 20, 2024 10:15:05.601213932 CET | 49704 | 443 | 192.168.2.5 | 104.26.12.205 |
| Nov 20, 2024 10:15:06.227663040 CET | 49705 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:15:06.232955933 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:15:06.233023882 CET | 49705 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:15:06.856956959 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:15:06.857132912 CET | 49705 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:15:06.862185955 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:15:07.081981897 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:15:07.082401037 CET | 49705 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:15:07.090466976 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:15:07.314343929 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:15:07.318573952 CET | 49705 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:15:07.323523045 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:15:07.543824911 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:15:07.544014931 CET | 49705 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:15:07.548942089 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:15:07.769329071 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:15:07.769483089 CET | 49705 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:15:07.774446964 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:15:07.994916916 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:15:08.001636028 CET | 49705 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:15:08.007831097 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:15:08.229212046 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:15:08.229880095 CET | 49706 | 54896 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:15:08.236967087 CET | 54896 | 49706 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:15:08.237086058 CET | 49706 | 54896 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:15:08.237195969 CET | 49705 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:15:08.243990898 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:15:08.466402054 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:15:08.466736078 CET | 49706 | 54896 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:15:08.466787100 CET | 49706 | 54896 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:15:08.474000931 CET | 54896 | 49706 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:15:08.518326044 CET | 54896 | 49706 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:15:08.518371105 CET | 49705 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:15:08.742387056 CET | 54896 | 49706 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:15:08.742494106 CET | 49706 | 54896 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:15:08.959321022 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:15:09.002702951 CET | 49705 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:35.139022112 CET | 49705 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:35.143923044 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:35.366066933 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:35.367180109 CET | 49980 | 55008 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:35.374110937 CET | 55008 | 49980 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:35.374205112 CET | 49980 | 55008 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:35.374452114 CET | 49705 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:35.381350994 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:35.397037983 CET | 49981 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:35.401959896 CET | 21 | 49981 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:35.402028084 CET | 49981 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:35.601277113 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:35.601604939 CET | 49980 | 55008 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:35.606671095 CET | 55008 | 49980 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:35.606676102 CET | 55008 | 49980 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:35.606687069 CET | 55008 | 49980 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:35.606690884 CET | 55008 | 49980 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:35.606708050 CET | 55008 | 49980 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:35.606719017 CET | 55008 | 49980 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:35.606719971 CET | 55008 | 49980 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:35.606766939 CET | 49980 | 55008 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:35.606877089 CET | 55008 | 49980 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:35.606882095 CET | 55008 | 49980 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:35.606892109 CET | 55008 | 49980 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:35.606940031 CET | 49980 | 55008 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:35.606966019 CET | 49980 | 55008 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:35.611740112 CET | 55008 | 49980 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:35.611743927 CET | 55008 | 49980 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:35.611752987 CET | 55008 | 49980 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:35.611804008 CET | 55008 | 49980 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:35.611808062 CET | 55008 | 49980 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:35.611815929 CET | 49980 | 55008 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:35.611818075 CET | 55008 | 49980 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:35.611871958 CET | 49980 | 55008 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:35.612006903 CET | 55008 | 49980 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:35.612097025 CET | 49980 | 55008 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:35.643294096 CET | 49705 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:35.653630972 CET | 55008 | 49980 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:35.876857996 CET | 55008 | 49980 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:35.876966953 CET | 49980 | 55008 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:36.050051928 CET | 21 | 49981 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:36.050508022 CET | 49981 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:36.057744980 CET | 21 | 49981 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:36.283488989 CET | 21 | 49981 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:36.286549091 CET | 49981 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:36.291568995 CET | 21 | 49981 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:36.365796089 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:36.411335945 CET | 49705 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:36.519428968 CET | 21 | 49981 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:36.522619963 CET | 49981 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:36.527544022 CET | 21 | 49981 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:36.752979040 CET | 21 | 49981 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:36.753911018 CET | 49981 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:36.758858919 CET | 21 | 49981 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:36.984383106 CET | 21 | 49981 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:36.986530066 CET | 49981 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:36.993896008 CET | 21 | 49981 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:37.219266891 CET | 21 | 49981 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:37.219428062 CET | 49981 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:37.227677107 CET | 21 | 49981 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:37.453318119 CET | 21 | 49981 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:37.454122066 CET | 49982 | 55010 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:37.459068060 CET | 55010 | 49982 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:37.459204912 CET | 49982 | 55010 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:37.459336042 CET | 49981 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:37.464299917 CET | 21 | 49981 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:37.706307888 CET | 21 | 49981 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:37.706592083 CET | 49982 | 55010 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:37.715497971 CET | 55010 | 49982 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:37.715504885 CET | 55010 | 49982 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:37.715517998 CET | 55010 | 49982 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:37.715521097 CET | 55010 | 49982 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:37.715528965 CET | 55010 | 49982 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:37.715533018 CET | 55010 | 49982 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:37.715539932 CET | 55010 | 49982 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:37.715543032 CET | 55010 | 49982 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:37.715550900 CET | 55010 | 49982 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:37.715553999 CET | 55010 | 49982 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:37.715650082 CET | 49982 | 55010 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:37.715687037 CET | 49982 | 55010 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:37.723989010 CET | 55010 | 49982 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:37.724080086 CET | 55010 | 49982 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:37.724087954 CET | 55010 | 49982 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:37.724091053 CET | 55010 | 49982 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:37.724095106 CET | 55010 | 49982 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:37.724097967 CET | 55010 | 49982 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:37.724240065 CET | 49982 | 55010 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:37.752825022 CET | 49981 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:37.761295080 CET | 55010 | 49982 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:37.761486053 CET | 49982 | 55010 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:37.809303045 CET | 55010 | 49982 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:37.948292971 CET | 55010 | 49982 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:37.950166941 CET | 49982 | 55010 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:38.445390940 CET | 21 | 49981 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:38.487085104 CET | 49981 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:44.914827108 CET | 49981 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:44.919748068 CET | 21 | 49981 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:45.147133112 CET | 21 | 49981 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:45.147830963 CET | 49983 | 55020 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:45.154382944 CET | 55020 | 49983 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:45.154480934 CET | 49983 | 55020 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:45.154583931 CET | 49981 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:45.160911083 CET | 21 | 49981 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:45.386816025 CET | 21 | 49981 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:45.387131929 CET | 49983 | 55020 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:45.392136097 CET | 55020 | 49983 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:45.392147064 CET | 55020 | 49983 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:45.392158031 CET | 55020 | 49983 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:45.392177105 CET | 55020 | 49983 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:45.392185926 CET | 55020 | 49983 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:45.392204046 CET | 55020 | 49983 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:45.392213106 CET | 55020 | 49983 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:45.392211914 CET | 49983 | 55020 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:45.392260075 CET | 55020 | 49983 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:45.392268896 CET | 55020 | 49983 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:45.392270088 CET | 49983 | 55020 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:45.392276049 CET | 55020 | 49983 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:45.392333984 CET | 49983 | 55020 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:45.398705006 CET | 55020 | 49983 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:45.398765087 CET | 49983 | 55020 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:45.398852110 CET | 55020 | 49983 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:45.398863077 CET | 55020 | 49983 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:45.398905039 CET | 49983 | 55020 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:45.398958921 CET | 55020 | 49983 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:45.398967028 CET | 55020 | 49983 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:45.398974895 CET | 55020 | 49983 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:45.398983002 CET | 55020 | 49983 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:45.399008036 CET | 49983 | 55020 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:45.399036884 CET | 49983 | 55020 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:45.440167904 CET | 49981 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:45.441355944 CET | 55020 | 49983 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:45.441448927 CET | 49983 | 55020 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:45.471424103 CET | 49983 | 55020 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:45.489272118 CET | 55020 | 49983 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:45.648614883 CET | 55020 | 49983 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:45.648756027 CET | 49983 | 55020 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:46.146773100 CET | 21 | 49981 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:46.190475941 CET | 49981 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:49.313287973 CET | 49981 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:49.320528030 CET | 21 | 49981 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:49.544090986 CET | 21 | 49981 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:49.544809103 CET | 49984 | 55021 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:49.550259113 CET | 55021 | 49984 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:49.550343990 CET | 49984 | 55021 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:49.550401926 CET | 49981 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:49.556070089 CET | 21 | 49981 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:49.786403894 CET | 21 | 49981 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:49.786690950 CET | 49984 | 55021 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:49.794300079 CET | 55021 | 49984 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:49.794317961 CET | 55021 | 49984 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:49.794346094 CET | 55021 | 49984 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:49.794390917 CET | 49984 | 55021 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:49.794425011 CET | 55021 | 49984 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:49.794497967 CET | 49984 | 55021 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:49.794565916 CET | 55021 | 49984 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:49.794579983 CET | 55021 | 49984 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:49.794591904 CET | 55021 | 49984 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:49.794648886 CET | 49984 | 55021 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:49.794790983 CET | 55021 | 49984 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:49.794848919 CET | 49984 | 55021 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:49.795372009 CET | 55021 | 49984 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:49.795387030 CET | 55021 | 49984 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:49.795423031 CET | 49984 | 55021 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:49.795439959 CET | 49984 | 55021 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:49.802054882 CET | 55021 | 49984 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:49.802068949 CET | 55021 | 49984 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:49.802095890 CET | 55021 | 49984 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:49.802126884 CET | 49984 | 55021 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:49.802141905 CET | 49984 | 55021 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:49.802200079 CET | 55021 | 49984 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:49.802212000 CET | 55021 | 49984 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:49.802244902 CET | 55021 | 49984 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:49.802263975 CET | 49984 | 55021 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:49.802282095 CET | 49984 | 55021 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:49.845567942 CET | 55021 | 49984 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:49.845695972 CET | 49984 | 55021 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:49.893855095 CET | 55021 | 49984 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:49.955794096 CET | 49981 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:50.041275978 CET | 55021 | 49984 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:50.042467117 CET | 49984 | 55021 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:50.530503035 CET | 21 | 49981 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:50.752697945 CET | 49981 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:55.192668915 CET | 49981 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:55.197654963 CET | 21 | 49981 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:55.425874949 CET | 21 | 49981 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:55.435658932 CET | 49985 | 55022 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:55.441406965 CET | 55022 | 49985 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:55.441478968 CET | 49985 | 55022 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:55.443665981 CET | 49981 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:55.448520899 CET | 21 | 49981 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:55.675939083 CET | 21 | 49981 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:55.676208973 CET | 49985 | 55022 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:55.681135893 CET | 55022 | 49985 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:55.681149006 CET | 55022 | 49985 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:55.681166887 CET | 55022 | 49985 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:55.681176901 CET | 55022 | 49985 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:55.681204081 CET | 49985 | 55022 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:55.681216955 CET | 55022 | 49985 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:55.681226015 CET | 55022 | 49985 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:55.681233883 CET | 55022 | 49985 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:55.681247950 CET | 49985 | 55022 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:55.681272030 CET | 49985 | 55022 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:55.681279898 CET | 55022 | 49985 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:55.681282997 CET | 49985 | 55022 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:55.681288958 CET | 55022 | 49985 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:55.681324005 CET | 55022 | 49985 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:55.681324959 CET | 49985 | 55022 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:55.681372881 CET | 49985 | 55022 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:55.686068058 CET | 55022 | 49985 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:55.686115980 CET | 49985 | 55022 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:55.686150074 CET | 55022 | 49985 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:55.686160088 CET | 55022 | 49985 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:55.686167955 CET | 55022 | 49985 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:55.686182976 CET | 49985 | 55022 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:55.686194897 CET | 55022 | 49985 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:55.686197042 CET | 49985 | 55022 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:55.686203957 CET | 55022 | 49985 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:55.686223984 CET | 49985 | 55022 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:55.686249971 CET | 49985 | 55022 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:55.729288101 CET | 55022 | 49985 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:55.729361057 CET | 49985 | 55022 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:55.768286943 CET | 49981 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:55.780313015 CET | 55022 | 49985 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:55.930115938 CET | 55022 | 49985 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:55.930176973 CET | 49985 | 55022 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:16:56.425601006 CET | 21 | 49981 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:16:56.565171003 CET | 49981 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:17:21.747493029 CET | 49981 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:17:21.825867891 CET | 21 | 49981 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:22.058557987 CET | 21 | 49981 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:22.059145927 CET | 49986 | 55032 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:17:22.071542978 CET | 55032 | 49986 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:22.071631908 CET | 49986 | 55032 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:17:22.071757078 CET | 49981 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:17:22.089751959 CET | 21 | 49981 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:22.319741011 CET | 21 | 49981 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:22.322630882 CET | 49986 | 55032 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:17:22.332272053 CET | 55032 | 49986 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:22.332459927 CET | 55032 | 49986 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:22.332468033 CET | 55032 | 49986 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:22.332478046 CET | 55032 | 49986 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:22.332480907 CET | 55032 | 49986 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:22.332645893 CET | 49986 | 55032 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:17:22.335256100 CET | 55032 | 49986 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:22.335261106 CET | 55032 | 49986 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:22.335270882 CET | 55032 | 49986 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:22.335274935 CET | 55032 | 49986 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:22.335390091 CET | 49986 | 55032 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:17:22.337779045 CET | 55032 | 49986 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:22.340775967 CET | 49986 | 55032 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:17:22.343259096 CET | 55032 | 49986 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:22.343262911 CET | 55032 | 49986 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:22.343272924 CET | 55032 | 49986 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:22.343276978 CET | 55032 | 49986 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:22.343291044 CET | 55032 | 49986 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:22.343395948 CET | 49986 | 55032 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:17:22.343480110 CET | 49986 | 55032 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:17:22.349796057 CET | 55032 | 49986 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:22.350099087 CET | 49986 | 55032 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:17:22.377680063 CET | 49981 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:17:22.394037962 CET | 55032 | 49986 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:22.396575928 CET | 49986 | 55032 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:17:22.445278883 CET | 55032 | 49986 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:22.604640961 CET | 55032 | 49986 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:22.604978085 CET | 49986 | 55032 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:17:23.098596096 CET | 21 | 49981 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:23.143348932 CET | 49981 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:17:32.669445992 CET | 49705 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:17:32.676280022 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:32.681189060 CET | 49987 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:17:32.687846899 CET | 21 | 49987 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:32.688092947 CET | 49987 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:17:32.693227053 CET | 49987 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:17:32.702033043 CET | 21 | 49987 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:32.702929974 CET | 49987 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:17:32.901940107 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:32.902621031 CET | 49988 | 55040 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:17:32.916876078 CET | 55040 | 49988 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:32.916977882 CET | 49988 | 55040 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:17:32.917874098 CET | 49705 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:17:32.933269024 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:33.155572891 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:33.155889988 CET | 49988 | 55040 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:17:33.161403894 CET | 55040 | 49988 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:33.161438942 CET | 55040 | 49988 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:33.161452055 CET | 55040 | 49988 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:33.161456108 CET | 49988 | 55040 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:17:33.161463976 CET | 55040 | 49988 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:33.161488056 CET | 55040 | 49988 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:33.161494017 CET | 49988 | 55040 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:17:33.161500931 CET | 55040 | 49988 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:33.161511898 CET | 55040 | 49988 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:33.161524057 CET | 55040 | 49988 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:33.161525011 CET | 49988 | 55040 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:17:33.161535025 CET | 55040 | 49988 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:33.161546946 CET | 55040 | 49988 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:33.161551952 CET | 49988 | 55040 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:17:33.161578894 CET | 49988 | 55040 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:17:33.161602020 CET | 49988 | 55040 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:17:33.166934013 CET | 55040 | 49988 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:33.166943073 CET | 55040 | 49988 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:33.166954994 CET | 55040 | 49988 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:33.166965008 CET | 55040 | 49988 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:33.166974068 CET | 55040 | 49988 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:33.166977882 CET | 55040 | 49988 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:33.166984081 CET | 49988 | 55040 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:17:33.167004108 CET | 49988 | 55040 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:17:33.167036057 CET | 49988 | 55040 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:17:33.216092110 CET | 55040 | 49988 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:33.216190100 CET | 49988 | 55040 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:17:33.252655029 CET | 49988 | 55040 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:17:33.259948969 CET | 55040 | 49988 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:33.286309958 CET | 49705 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:17:33.429399014 CET | 55040 | 49988 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:33.429449081 CET | 49988 | 55040 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:17:33.915132999 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:33.955420971 CET | 49705 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:17:41.475311041 CET | 49705 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:17:41.481257915 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:41.702193022 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:41.702717066 CET | 49989 | 55044 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:17:41.709296942 CET | 55044 | 49989 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:41.709378958 CET | 49989 | 55044 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:17:41.709525108 CET | 49705 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:17:41.715811968 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:41.941881895 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:41.942301989 CET | 49989 | 55044 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:17:41.952081919 CET | 55044 | 49989 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:41.952086926 CET | 55044 | 49989 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:41.952095985 CET | 55044 | 49989 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:41.952099085 CET | 55044 | 49989 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:41.952102900 CET | 55044 | 49989 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:41.952111006 CET | 55044 | 49989 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:41.952115059 CET | 55044 | 49989 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:41.952117920 CET | 55044 | 49989 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:41.952127934 CET | 55044 | 49989 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:41.952133894 CET | 55044 | 49989 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:41.952194929 CET | 49989 | 55044 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:17:41.952284098 CET | 49989 | 55044 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:17:41.960670948 CET | 55044 | 49989 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:41.960675955 CET | 55044 | 49989 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:41.960753918 CET | 49989 | 55044 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:17:41.960813999 CET | 55044 | 49989 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:41.960818052 CET | 55044 | 49989 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:41.960829973 CET | 55044 | 49989 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:41.960834026 CET | 55044 | 49989 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:41.960916042 CET | 49989 | 55044 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:17:41.987025023 CET | 49705 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:17:42.003643036 CET | 55044 | 49989 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:42.003757000 CET | 49989 | 55044 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:17:42.033929110 CET | 49989 | 55044 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:17:42.057533026 CET | 55044 | 49989 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:42.225014925 CET | 55044 | 49989 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:42.225275040 CET | 49989 | 55044 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:17:42.713195086 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:42.770421028 CET | 49705 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:17:43.890831947 CET | 49705 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:17:43.897989035 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:44.119640112 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:44.120223045 CET | 49990 | 55045 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:17:44.127379894 CET | 55045 | 49990 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:44.127479076 CET | 49990 | 55045 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:17:44.127636909 CET | 49705 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:17:44.134337902 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:44.359286070 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:44.361689091 CET | 49990 | 55045 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:17:44.367677927 CET | 55045 | 49990 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:44.367687941 CET | 55045 | 49990 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:44.367691040 CET | 55045 | 49990 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:44.367698908 CET | 55045 | 49990 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:44.367765903 CET | 55045 | 49990 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:44.367769003 CET | 55045 | 49990 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:44.367777109 CET | 55045 | 49990 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:44.367779970 CET | 55045 | 49990 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:44.367784977 CET | 55045 | 49990 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:44.367791891 CET | 55045 | 49990 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:44.367839098 CET | 49990 | 55045 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:17:44.367882967 CET | 49990 | 55045 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:17:44.373994112 CET | 55045 | 49990 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:44.373997927 CET | 55045 | 49990 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:44.374006987 CET | 55045 | 49990 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:44.374010086 CET | 55045 | 49990 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:44.374017954 CET | 55045 | 49990 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:44.374021053 CET | 55045 | 49990 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:44.374253035 CET | 49990 | 55045 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:17:44.409492016 CET | 49705 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:17:44.414796114 CET | 55045 | 49990 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:44.417108059 CET | 49990 | 55045 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:17:44.466710091 CET | 55045 | 49990 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:44.622800112 CET | 55045 | 49990 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:44.625288010 CET | 49990 | 55045 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:17:45.114805937 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:17:45.158895016 CET | 49705 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:04.666551113 CET | 49705 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:04.672132969 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:04.891493082 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:04.891979933 CET | 49991 | 55054 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:04.896903038 CET | 55054 | 49991 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:04.896987915 CET | 49991 | 55054 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:04.897196054 CET | 49705 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:04.904032946 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:05.126276970 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:05.128921986 CET | 49991 | 55054 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:05.136112928 CET | 55054 | 49991 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:05.136123896 CET | 55054 | 49991 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:05.136142015 CET | 55054 | 49991 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:05.136151075 CET | 55054 | 49991 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:05.136161089 CET | 55054 | 49991 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:05.136168957 CET | 55054 | 49991 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:05.136224031 CET | 49991 | 55054 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:05.136225939 CET | 55054 | 49991 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:05.136234999 CET | 55054 | 49991 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:05.136243105 CET | 55054 | 49991 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:05.136253119 CET | 55054 | 49991 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:05.136262894 CET | 49991 | 55054 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:05.136282921 CET | 49991 | 55054 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:05.136348963 CET | 49991 | 55054 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:05.141132116 CET | 55054 | 49991 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:05.141141891 CET | 55054 | 49991 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:05.141212940 CET | 55054 | 49991 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:05.141222000 CET | 55054 | 49991 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:05.141247034 CET | 49991 | 55054 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:05.141262054 CET | 55054 | 49991 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:05.141271114 CET | 55054 | 49991 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:05.141284943 CET | 49991 | 55054 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:05.141295910 CET | 49991 | 55054 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:05.141398907 CET | 49991 | 55054 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:05.174542904 CET | 49705 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:05.186466932 CET | 55054 | 49991 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:05.186644077 CET | 49991 | 55054 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:05.221407890 CET | 49991 | 55054 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:05.227593899 CET | 55054 | 49991 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:05.399435043 CET | 55054 | 49991 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:05.399507999 CET | 49991 | 55054 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:05.889470100 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:05.940144062 CET | 49705 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:12.274482965 CET | 49705 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:12.326527119 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:12.548572063 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:12.550451040 CET | 49992 | 55055 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:12.555696011 CET | 55055 | 49992 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:12.558549881 CET | 49992 | 55055 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:12.558841944 CET | 49705 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:12.564697027 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:12.787904978 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:12.788172007 CET | 49992 | 55055 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:12.797308922 CET | 55055 | 49992 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:12.797321081 CET | 55055 | 49992 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:12.797331095 CET | 55055 | 49992 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:12.797462940 CET | 49992 | 55055 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:12.797627926 CET | 55055 | 49992 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:12.797630072 CET | 55055 | 49992 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:12.797635078 CET | 55055 | 49992 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:12.797720909 CET | 49992 | 55055 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:12.798830986 CET | 55055 | 49992 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:12.798842907 CET | 55055 | 49992 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:12.798851967 CET | 55055 | 49992 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:12.798865080 CET | 55055 | 49992 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:12.798942089 CET | 49992 | 55055 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:12.804276943 CET | 55055 | 49992 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:12.804348946 CET | 55055 | 49992 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:12.804358959 CET | 55055 | 49992 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:12.804358959 CET | 49992 | 55055 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:12.804436922 CET | 49992 | 55055 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:12.804605961 CET | 55055 | 49992 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:12.804702997 CET | 49992 | 55055 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:12.804982901 CET | 55055 | 49992 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:12.804992914 CET | 55055 | 49992 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:12.805077076 CET | 49992 | 55055 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:12.845426083 CET | 55055 | 49992 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:12.845566034 CET | 49992 | 55055 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:12.895853043 CET | 55055 | 49992 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:12.940200090 CET | 49705 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:13.070147991 CET | 55055 | 49992 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:13.070591927 CET | 49992 | 55055 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:13.556902885 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:13.668579102 CET | 49705 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:17.636178970 CET | 49705 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:17.644984961 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:17.867103100 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:17.867722034 CET | 49993 | 55059 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:17.872823954 CET | 55059 | 49993 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:17.872914076 CET | 49993 | 55059 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:17.873076916 CET | 49705 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:17.877969980 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:18.102406025 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:18.102682114 CET | 49993 | 55059 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:18.110297918 CET | 55059 | 49993 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:18.110306978 CET | 55059 | 49993 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:18.110316992 CET | 55059 | 49993 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:18.110385895 CET | 49993 | 55059 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:18.110433102 CET | 49993 | 55059 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:18.110451937 CET | 55059 | 49993 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:18.110456944 CET | 55059 | 49993 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:18.110467911 CET | 55059 | 49993 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:18.110471964 CET | 55059 | 49993 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:18.110476971 CET | 55059 | 49993 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:18.110481024 CET | 55059 | 49993 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:18.110490084 CET | 55059 | 49993 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:18.110526085 CET | 49993 | 55059 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:18.110544920 CET | 49993 | 55059 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:18.110559940 CET | 49993 | 55059 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:18.118042946 CET | 55059 | 49993 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:18.118175030 CET | 55059 | 49993 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:18.118247032 CET | 49993 | 55059 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:18.118330956 CET | 55059 | 49993 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:18.118336916 CET | 55059 | 49993 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:18.118346930 CET | 55059 | 49993 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:18.118381023 CET | 49993 | 55059 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:18.118413925 CET | 49993 | 55059 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:18.118483067 CET | 55059 | 49993 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:18.118810892 CET | 49993 | 55059 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:18.157285929 CET | 55059 | 49993 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:18.157362938 CET | 49993 | 55059 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:18.190164089 CET | 49993 | 55059 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:18.192203045 CET | 49705 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:18.195108891 CET | 55059 | 49993 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:18.361335993 CET | 55059 | 49993 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:18.362579107 CET | 49993 | 55059 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:18.447041988 CET | 49994 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:18.455445051 CET | 21 | 49994 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:18.458606958 CET | 49994 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:18.459304094 CET | 49994 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:18.467540979 CET | 21 | 49994 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:18.467621088 CET | 49994 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:18.871360064 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:18.942333937 CET | 49705 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:23.868132114 CET | 49995 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:23.873867989 CET | 21 | 49995 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:23.874345064 CET | 49995 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:24.306581974 CET | 49996 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:24.312939882 CET | 21 | 49996 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:24.313097954 CET | 49996 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:24.313226938 CET | 49996 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:24.325818062 CET | 21 | 49996 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:24.328491926 CET | 21 | 49996 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:24.330099106 CET | 49996 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:24.494493961 CET | 21 | 49995 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:24.498591900 CET | 49995 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:24.503803015 CET | 21 | 49995 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:24.727951050 CET | 21 | 49995 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:24.728137970 CET | 49995 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:24.735479116 CET | 21 | 49995 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:24.954366922 CET | 21 | 49995 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:24.954602957 CET | 49995 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:24.959439039 CET | 21 | 49995 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:25.181462049 CET | 21 | 49995 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:25.181812048 CET | 49995 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:25.188375950 CET | 21 | 49995 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:25.406637907 CET | 21 | 49995 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:25.406896114 CET | 49995 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:25.411735058 CET | 21 | 49995 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:25.631386042 CET | 21 | 49995 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:25.634474039 CET | 49995 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:25.639337063 CET | 21 | 49995 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:25.863360882 CET | 21 | 49995 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:25.863905907 CET | 49997 | 55064 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:25.868877888 CET | 55064 | 49997 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:25.868947983 CET | 49997 | 55064 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:25.869101048 CET | 49995 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:25.873908997 CET | 21 | 49995 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:26.096225977 CET | 21 | 49995 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:26.096565962 CET | 49997 | 55064 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:26.101538897 CET | 55064 | 49997 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:26.101547956 CET | 55064 | 49997 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:26.101598978 CET | 55064 | 49997 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:26.101612091 CET | 49997 | 55064 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:26.101623058 CET | 49997 | 55064 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:26.101629019 CET | 55064 | 49997 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:26.101654053 CET | 49997 | 55064 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:26.101660013 CET | 55064 | 49997 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:26.101667881 CET | 55064 | 49997 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:26.101676941 CET | 49997 | 55064 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:26.101699114 CET | 49997 | 55064 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:26.101710081 CET | 55064 | 49997 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:26.101717949 CET | 49997 | 55064 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:26.101727009 CET | 55064 | 49997 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:26.101751089 CET | 49997 | 55064 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:26.101779938 CET | 49997 | 55064 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:26.101792097 CET | 55064 | 49997 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:26.101799965 CET | 55064 | 49997 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:26.101840973 CET | 49997 | 55064 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:26.109615088 CET | 55064 | 49997 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:26.109623909 CET | 55064 | 49997 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:26.109632969 CET | 55064 | 49997 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:26.109642029 CET | 55064 | 49997 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:26.109651089 CET | 55064 | 49997 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:26.109663010 CET | 55064 | 49997 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:26.109699965 CET | 49997 | 55064 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:26.109754086 CET | 49997 | 55064 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:26.154077053 CET | 55064 | 49997 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:26.154196024 CET | 49997 | 55064 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:26.201417923 CET | 55064 | 49997 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:26.237025976 CET | 49995 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:26.356271982 CET | 55064 | 49997 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:26.356421947 CET | 49997 | 55064 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:26.844835043 CET | 21 | 49995 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:26.926454067 CET | 49995 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:29.010457039 CET | 49995 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:29.424500942 CET | 49995 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:29.673048973 CET | 21 | 49995 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:29.673680067 CET | 21 | 49995 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:29.893198013 CET | 21 | 49995 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:29.893929005 CET | 49998 | 55068 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:29.899643898 CET | 55068 | 49998 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:29.899735928 CET | 49998 | 55068 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:29.899780989 CET | 49995 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:29.904690027 CET | 21 | 49995 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:30.127130032 CET | 21 | 49995 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:30.127372980 CET | 49998 | 55068 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:30.133377075 CET | 55068 | 49998 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:30.133395910 CET | 55068 | 49998 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:30.133399963 CET | 55068 | 49998 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:30.133409023 CET | 55068 | 49998 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:30.133413076 CET | 55068 | 49998 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:30.133420944 CET | 55068 | 49998 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:30.133424044 CET | 55068 | 49998 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:30.133431911 CET | 55068 | 49998 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:30.133436918 CET | 55068 | 49998 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:30.133441925 CET | 49998 | 55068 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:30.133445978 CET | 55068 | 49998 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:30.133507967 CET | 49998 | 55068 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:30.139543056 CET | 55068 | 49998 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:30.139553070 CET | 55068 | 49998 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:30.139601946 CET | 49998 | 55068 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:30.139627934 CET | 49998 | 55068 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:30.139663935 CET | 55068 | 49998 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:30.139667988 CET | 55068 | 49998 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:30.139677048 CET | 55068 | 49998 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:30.139681101 CET | 55068 | 49998 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:30.139734030 CET | 49998 | 55068 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:30.182981014 CET | 55068 | 49998 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:30.183065891 CET | 49998 | 55068 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:30.235337973 CET | 55068 | 49998 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:30.237010956 CET | 49995 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:30.388814926 CET | 55068 | 49998 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:30.392724991 CET | 49998 | 55068 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:30.902210951 CET | 21 | 49995 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:31.034461975 CET | 49995 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:34.762484074 CET | 49995 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:34.773540020 CET | 21 | 49995 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:34.994328976 CET | 21 | 49995 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:34.994913101 CET | 49999 | 55069 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:35.002578974 CET | 55069 | 49999 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:35.002681017 CET | 49999 | 55069 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:35.002804995 CET | 49995 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:35.009824038 CET | 21 | 49995 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:35.232273102 CET | 21 | 49995 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:35.232634068 CET | 49999 | 55069 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:35.237709045 CET | 55069 | 49999 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:35.237751961 CET | 55069 | 49999 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:35.237761021 CET | 55069 | 49999 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:35.237823009 CET | 49999 | 55069 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:35.238054991 CET | 55069 | 49999 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:35.238065004 CET | 55069 | 49999 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:35.238073111 CET | 55069 | 49999 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:35.238081932 CET | 55069 | 49999 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:35.238090992 CET | 55069 | 49999 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:35.238105059 CET | 55069 | 49999 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:35.238114119 CET | 55069 | 49999 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:35.238142014 CET | 49999 | 55069 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:35.238229990 CET | 49999 | 55069 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:35.243104935 CET | 55069 | 49999 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:35.243117094 CET | 55069 | 49999 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:35.243185043 CET | 49999 | 55069 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:35.243204117 CET | 55069 | 49999 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:35.243212938 CET | 55069 | 49999 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:35.243261099 CET | 49999 | 55069 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:35.243262053 CET | 55069 | 49999 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:35.243355989 CET | 49999 | 55069 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:35.243438959 CET | 55069 | 49999 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:35.243515968 CET | 49999 | 55069 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:35.283885956 CET | 49995 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:35.285284996 CET | 55069 | 49999 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:35.285398960 CET | 49999 | 55069 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:35.341028929 CET | 55069 | 49999 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:35.502326012 CET | 55069 | 49999 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:35.502403021 CET | 49999 | 55069 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:18:36.050920963 CET | 21 | 49995 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:18:36.096378088 CET | 49995 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:19:09.884000063 CET | 49995 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:19:09.891782045 CET | 21 | 49995 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:19:10.112118959 CET | 21 | 49995 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:19:10.113076925 CET | 50000 | 55096 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:19:10.118552923 CET | 55096 | 50000 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:19:10.118788004 CET | 49995 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:19:10.119333982 CET | 50000 | 55096 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:19:10.127721071 CET | 21 | 49995 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:19:10.351357937 CET | 21 | 49995 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:19:10.351586103 CET | 50000 | 55096 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:19:10.356542110 CET | 55096 | 50000 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:19:10.356573105 CET | 55096 | 50000 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:19:10.356583118 CET | 55096 | 50000 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:19:10.356594086 CET | 55096 | 50000 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:19:10.356621027 CET | 50000 | 55096 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:19:10.356642962 CET | 55096 | 50000 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:19:10.356652975 CET | 55096 | 50000 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:19:10.356658936 CET | 50000 | 55096 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:19:10.356661081 CET | 55096 | 50000 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:19:10.356671095 CET | 55096 | 50000 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:19:10.356703043 CET | 50000 | 55096 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:19:10.356719017 CET | 50000 | 55096 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:19:10.356753111 CET | 55096 | 50000 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:19:10.356761932 CET | 55096 | 50000 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:19:10.356877089 CET | 50000 | 55096 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:19:10.362200022 CET | 55096 | 50000 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:19:10.362215042 CET | 55096 | 50000 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:19:10.362224102 CET | 55096 | 50000 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:19:10.362237930 CET | 55096 | 50000 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:19:10.362257004 CET | 55096 | 50000 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:19:10.362279892 CET | 50000 | 55096 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:19:10.362309933 CET | 50000 | 55096 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:19:10.362355947 CET | 50000 | 55096 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:19:10.362730026 CET | 55096 | 50000 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:19:10.364628077 CET | 50000 | 55096 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:19:10.405796051 CET | 55096 | 50000 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:19:10.405881882 CET | 50000 | 55096 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:19:10.453212023 CET | 55096 | 50000 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:19:10.471425056 CET | 49995 | 21 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:19:10.618968010 CET | 55096 | 50000 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:19:10.619334936 CET | 50000 | 55096 | 192.168.2.5 | 93.89.225.40 |
| Nov 20, 2024 10:19:11.114491940 CET | 21 | 49995 | 93.89.225.40 | 192.168.2.5 |
| Nov 20, 2024 10:19:11.158942938 CET | 49995 | 21 | 192.168.2.5 | 93.89.225.40 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Nov 20, 2024 10:15:04.924009085 CET | 51837 | 53 | 192.168.2.5 | 1.1.1.1 |
| Nov 20, 2024 10:15:04.933147907 CET | 53 | 51837 | 1.1.1.1 | 192.168.2.5 |
| Nov 20, 2024 10:15:06.130414963 CET | 52366 | 53 | 192.168.2.5 | 1.1.1.1 |
| Nov 20, 2024 10:15:06.226985931 CET | 53 | 52366 | 1.1.1.1 | 192.168.2.5 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Nov 20, 2024 10:15:04.924009085 CET | 192.168.2.5 | 1.1.1.1 | 0x1be6 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Nov 20, 2024 10:15:06.130414963 CET | 192.168.2.5 | 1.1.1.1 | 0x1ff3 | Standard query (0) | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Nov 20, 2024 10:15:04.933147907 CET | 1.1.1.1 | 192.168.2.5 | 0x1be6 | No error (0) | 104.26.12.205 | A (IP address) | IN (0x0001) | false | ||
| Nov 20, 2024 10:15:04.933147907 CET | 1.1.1.1 | 192.168.2.5 | 0x1be6 | No error (0) | 104.26.13.205 | A (IP address) | IN (0x0001) | false | ||
| Nov 20, 2024 10:15:04.933147907 CET | 1.1.1.1 | 192.168.2.5 | 0x1be6 | No error (0) | 172.67.74.152 | A (IP address) | IN (0x0001) | false | ||
| Nov 20, 2024 10:15:06.226985931 CET | 1.1.1.1 | 192.168.2.5 | 0x1ff3 | No error (0) | 93.89.225.40 | A (IP address) | IN (0x0001) | false |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.5 | 49704 | 104.26.12.205 | 443 | 7360 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-11-20 09:15:05 UTC | 155 | OUT | |
| 2024-11-20 09:15:05 UTC | 399 | IN | |
| 2024-11-20 09:15:05 UTC | 11 | IN |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands |
|---|---|---|---|---|---|
| Nov 20, 2024 10:15:06.856956959 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 | 220 Microsoft FTP Service |
| Nov 20, 2024 10:15:06.857132912 CET | 49705 | 21 | 192.168.2.5 | 93.89.225.40 | USER pgizemM6 |
| Nov 20, 2024 10:15:07.081981897 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 | 331 Password required |
| Nov 20, 2024 10:15:07.082401037 CET | 49705 | 21 | 192.168.2.5 | 93.89.225.40 | PASS giz95Ffg |
| Nov 20, 2024 10:15:07.314343929 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 | 230 User logged in. |
| Nov 20, 2024 10:15:07.543824911 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 | 200 OPTS UTF8 command successful - UTF8 encoding now ON. |
| Nov 20, 2024 10:15:07.544014931 CET | 49705 | 21 | 192.168.2.5 | 93.89.225.40 | PWD |
| Nov 20, 2024 10:15:07.769329071 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 | 257 "/" is current directory. |
| Nov 20, 2024 10:15:07.769483089 CET | 49705 | 21 | 192.168.2.5 | 93.89.225.40 | TYPE I |
| Nov 20, 2024 10:15:07.994916916 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 | 200 Type set to I. |
| Nov 20, 2024 10:15:08.001636028 CET | 49705 | 21 | 192.168.2.5 | 93.89.225.40 | PASV |
| Nov 20, 2024 10:15:08.229212046 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 | 227 Entering Passive Mode (93,89,225,40,214,112). |
| Nov 20, 2024 10:15:08.237195969 CET | 49705 | 21 | 192.168.2.5 | 93.89.225.40 | STOR PW_user-609290_2024_11_20_04_15_05.html |
| Nov 20, 2024 10:15:08.466402054 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 | 150 Opening BINARY mode data connection. |
| Nov 20, 2024 10:15:08.959321022 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 | 226 Transfer complete. |
| Nov 20, 2024 10:16:35.139022112 CET | 49705 | 21 | 192.168.2.5 | 93.89.225.40 | PASV |
| Nov 20, 2024 10:16:35.366066933 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 | 227 Entering Passive Mode (93,89,225,40,214,224). |
| Nov 20, 2024 10:16:35.374452114 CET | 49705 | 21 | 192.168.2.5 | 93.89.225.40 | STOR SC_user-609290_2024_12_06_08_44_33.jpeg |
| Nov 20, 2024 10:16:35.601277113 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 | 150 Opening BINARY mode data connection. |
| Nov 20, 2024 10:16:36.050051928 CET | 21 | 49981 | 93.89.225.40 | 192.168.2.5 | 220 Microsoft FTP Service |
| Nov 20, 2024 10:16:36.050508022 CET | 49981 | 21 | 192.168.2.5 | 93.89.225.40 | USER pgizemM6 |
| Nov 20, 2024 10:16:36.283488989 CET | 21 | 49981 | 93.89.225.40 | 192.168.2.5 | 331 Password required |
| Nov 20, 2024 10:16:36.286549091 CET | 49981 | 21 | 192.168.2.5 | 93.89.225.40 | PASS giz95Ffg |
| Nov 20, 2024 10:16:36.365796089 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 | 226 Transfer complete. |
| Nov 20, 2024 10:16:36.519428968 CET | 21 | 49981 | 93.89.225.40 | 192.168.2.5 | 230 User logged in. |
| Nov 20, 2024 10:16:36.752979040 CET | 21 | 49981 | 93.89.225.40 | 192.168.2.5 | 200 OPTS UTF8 command successful - UTF8 encoding now ON. |
| Nov 20, 2024 10:16:36.753911018 CET | 49981 | 21 | 192.168.2.5 | 93.89.225.40 | PWD |
| Nov 20, 2024 10:16:36.984383106 CET | 21 | 49981 | 93.89.225.40 | 192.168.2.5 | 257 "/" is current directory. |
| Nov 20, 2024 10:16:36.986530066 CET | 49981 | 21 | 192.168.2.5 | 93.89.225.40 | TYPE I |
| Nov 20, 2024 10:16:37.219266891 CET | 21 | 49981 | 93.89.225.40 | 192.168.2.5 | 200 Type set to I. |
| Nov 20, 2024 10:16:37.219428062 CET | 49981 | 21 | 192.168.2.5 | 93.89.225.40 | PASV |
| Nov 20, 2024 10:16:37.453318119 CET | 21 | 49981 | 93.89.225.40 | 192.168.2.5 | 227 Entering Passive Mode (93,89,225,40,214,226). |
| Nov 20, 2024 10:16:37.459336042 CET | 49981 | 21 | 192.168.2.5 | 93.89.225.40 | STOR SC_user-609290_2024_12_08_14_11_05.jpeg |
| Nov 20, 2024 10:16:37.706307888 CET | 21 | 49981 | 93.89.225.40 | 192.168.2.5 | 150 Opening BINARY mode data connection. |
| Nov 20, 2024 10:16:38.445390940 CET | 21 | 49981 | 93.89.225.40 | 192.168.2.5 | 226 Transfer complete. |
| Nov 20, 2024 10:16:44.914827108 CET | 49981 | 21 | 192.168.2.5 | 93.89.225.40 | PASV |
| Nov 20, 2024 10:16:45.147133112 CET | 21 | 49981 | 93.89.225.40 | 192.168.2.5 | 227 Entering Passive Mode (93,89,225,40,214,236). |
| Nov 20, 2024 10:16:45.154583931 CET | 49981 | 21 | 192.168.2.5 | 93.89.225.40 | STOR SC_user-609290_2024_12_15_14_13_26.jpeg |
| Nov 20, 2024 10:16:45.386816025 CET | 21 | 49981 | 93.89.225.40 | 192.168.2.5 | 150 Opening BINARY mode data connection. |
| Nov 20, 2024 10:16:46.146773100 CET | 21 | 49981 | 93.89.225.40 | 192.168.2.5 | 226 Transfer complete. |
| Nov 20, 2024 10:16:49.313287973 CET | 49981 | 21 | 192.168.2.5 | 93.89.225.40 | PASV |
| Nov 20, 2024 10:16:49.544090986 CET | 21 | 49981 | 93.89.225.40 | 192.168.2.5 | 227 Entering Passive Mode (93,89,225,40,214,237). |
| Nov 20, 2024 10:16:49.550401926 CET | 49981 | 21 | 192.168.2.5 | 93.89.225.40 | STOR SC_user-609290_2024_12_19_13_57_22.jpeg |
| Nov 20, 2024 10:16:49.786403894 CET | 21 | 49981 | 93.89.225.40 | 192.168.2.5 | 150 Opening BINARY mode data connection. |
| Nov 20, 2024 10:16:50.530503035 CET | 21 | 49981 | 93.89.225.40 | 192.168.2.5 | 226 Transfer complete. |
| Nov 20, 2024 10:16:55.192668915 CET | 49981 | 21 | 192.168.2.5 | 93.89.225.40 | PASV |
| Nov 20, 2024 10:16:55.425874949 CET | 21 | 49981 | 93.89.225.40 | 192.168.2.5 | 227 Entering Passive Mode (93,89,225,40,214,238). |
| Nov 20, 2024 10:16:55.443665981 CET | 49981 | 21 | 192.168.2.5 | 93.89.225.40 | STOR SC_user-609290_2024_12_24_09_04_43.jpeg |
| Nov 20, 2024 10:16:55.675939083 CET | 21 | 49981 | 93.89.225.40 | 192.168.2.5 | 150 Opening BINARY mode data connection. |
| Nov 20, 2024 10:16:56.425601006 CET | 21 | 49981 | 93.89.225.40 | 192.168.2.5 | 226 Transfer complete. |
| Nov 20, 2024 10:17:21.747493029 CET | 49981 | 21 | 192.168.2.5 | 93.89.225.40 | PASV |
| Nov 20, 2024 10:17:22.058557987 CET | 21 | 49981 | 93.89.225.40 | 192.168.2.5 | 227 Entering Passive Mode (93,89,225,40,214,248). |
| Nov 20, 2024 10:17:22.071757078 CET | 49981 | 21 | 192.168.2.5 | 93.89.225.40 | STOR SC_user-609290_2025_01_06_23_16_47.jpeg |
| Nov 20, 2024 10:17:22.319741011 CET | 21 | 49981 | 93.89.225.40 | 192.168.2.5 | 150 Opening BINARY mode data connection. |
| Nov 20, 2024 10:17:23.098596096 CET | 21 | 49981 | 93.89.225.40 | 192.168.2.5 | 226 Transfer complete. |
| Nov 20, 2024 10:17:32.669445992 CET | 49705 | 21 | 192.168.2.5 | 93.89.225.40 | PASV |
| Nov 20, 2024 10:17:32.901940107 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 | 227 Entering Passive Mode (93,89,225,40,215,0). |
| Nov 20, 2024 10:17:32.917874098 CET | 49705 | 21 | 192.168.2.5 | 93.89.225.40 | STOR SC_user-609290_2025_01_15_20_33_24.jpeg |
| Nov 20, 2024 10:17:33.155572891 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 | 150 Opening BINARY mode data connection. |
| Nov 20, 2024 10:17:33.915132999 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 | 226 Transfer complete. |
| Nov 20, 2024 10:17:41.475311041 CET | 49705 | 21 | 192.168.2.5 | 93.89.225.40 | PASV |
| Nov 20, 2024 10:17:41.702193022 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 | 227 Entering Passive Mode (93,89,225,40,215,4). |
| Nov 20, 2024 10:17:41.709525108 CET | 49705 | 21 | 192.168.2.5 | 93.89.225.40 | STOR SC_user-609290_2025_01_21_22_24_16.jpeg |
| Nov 20, 2024 10:17:41.941881895 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 | 150 Opening BINARY mode data connection. |
| Nov 20, 2024 10:17:42.713195086 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 | 226 Transfer complete. |
| Nov 20, 2024 10:17:43.890831947 CET | 49705 | 21 | 192.168.2.5 | 93.89.225.40 | PASV |
| Nov 20, 2024 10:17:44.119640112 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 | 227 Entering Passive Mode (93,89,225,40,215,5). |
| Nov 20, 2024 10:17:44.127636909 CET | 49705 | 21 | 192.168.2.5 | 93.89.225.40 | STOR SC_user-609290_2025_01_25_04_05_13.jpeg |
| Nov 20, 2024 10:17:44.359286070 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 | 150 Opening BINARY mode data connection. |
| Nov 20, 2024 10:17:45.114805937 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 | 226 Transfer complete. |
| Nov 20, 2024 10:18:04.666551113 CET | 49705 | 21 | 192.168.2.5 | 93.89.225.40 | PASV |
| Nov 20, 2024 10:18:04.891493082 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 | 227 Entering Passive Mode (93,89,225,40,215,14). |
| Nov 20, 2024 10:18:04.897196054 CET | 49705 | 21 | 192.168.2.5 | 93.89.225.40 | STOR SC_user-609290_2025_02_05_09_04_54.jpeg |
| Nov 20, 2024 10:18:05.126276970 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 | 150 Opening BINARY mode data connection. |
| Nov 20, 2024 10:18:05.889470100 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 | 226 Transfer complete. |
| Nov 20, 2024 10:18:12.274482965 CET | 49705 | 21 | 192.168.2.5 | 93.89.225.40 | PASV |
| Nov 20, 2024 10:18:12.548572063 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 | 227 Entering Passive Mode (93,89,225,40,215,15). |
| Nov 20, 2024 10:18:12.558841944 CET | 49705 | 21 | 192.168.2.5 | 93.89.225.40 | STOR SC_user-609290_2025_02_10_22_21_24.jpeg |
| Nov 20, 2024 10:18:12.787904978 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 | 150 Opening BINARY mode data connection. |
| Nov 20, 2024 10:18:13.556902885 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 | 226 Transfer complete. |
| Nov 20, 2024 10:18:17.636178970 CET | 49705 | 21 | 192.168.2.5 | 93.89.225.40 | PASV |
| Nov 20, 2024 10:18:17.867103100 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 | 227 Entering Passive Mode (93,89,225,40,215,19). |
| Nov 20, 2024 10:18:17.873076916 CET | 49705 | 21 | 192.168.2.5 | 93.89.225.40 | STOR SC_user-609290_2025_02_17_12_11_48.jpeg |
| Nov 20, 2024 10:18:18.102406025 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 | 150 Opening BINARY mode data connection. |
| Nov 20, 2024 10:18:18.871360064 CET | 21 | 49705 | 93.89.225.40 | 192.168.2.5 | 226 Transfer complete. |
| Nov 20, 2024 10:18:24.494493961 CET | 21 | 49995 | 93.89.225.40 | 192.168.2.5 | 220 Microsoft FTP Service |
| Nov 20, 2024 10:18:24.498591900 CET | 49995 | 21 | 192.168.2.5 | 93.89.225.40 | USER pgizemM6 |
| Nov 20, 2024 10:18:24.727951050 CET | 21 | 49995 | 93.89.225.40 | 192.168.2.5 | 331 Password required |
| Nov 20, 2024 10:18:24.728137970 CET | 49995 | 21 | 192.168.2.5 | 93.89.225.40 | PASS giz95Ffg |
| Nov 20, 2024 10:18:24.954366922 CET | 21 | 49995 | 93.89.225.40 | 192.168.2.5 | 230 User logged in. |
| Nov 20, 2024 10:18:25.181462049 CET | 21 | 49995 | 93.89.225.40 | 192.168.2.5 | 200 OPTS UTF8 command successful - UTF8 encoding now ON. |
| Nov 20, 2024 10:18:25.181812048 CET | 49995 | 21 | 192.168.2.5 | 93.89.225.40 | PWD |
| Nov 20, 2024 10:18:25.406637907 CET | 21 | 49995 | 93.89.225.40 | 192.168.2.5 | 257 "/" is current directory. |
| Nov 20, 2024 10:18:25.406896114 CET | 49995 | 21 | 192.168.2.5 | 93.89.225.40 | TYPE I |
| Nov 20, 2024 10:18:25.631386042 CET | 21 | 49995 | 93.89.225.40 | 192.168.2.5 | 200 Type set to I. |
| Nov 20, 2024 10:18:25.634474039 CET | 49995 | 21 | 192.168.2.5 | 93.89.225.40 | PASV |
| Nov 20, 2024 10:18:25.863360882 CET | 21 | 49995 | 93.89.225.40 | 192.168.2.5 | 227 Entering Passive Mode (93,89,225,40,215,24). |
| Nov 20, 2024 10:18:25.869101048 CET | 49995 | 21 | 192.168.2.5 | 93.89.225.40 | STOR SC_user-609290_2025_02_24_11_59_58.jpeg |
| Nov 20, 2024 10:18:26.096225977 CET | 21 | 49995 | 93.89.225.40 | 192.168.2.5 | 150 Opening BINARY mode data connection. |
| Nov 20, 2024 10:18:26.844835043 CET | 21 | 49995 | 93.89.225.40 | 192.168.2.5 | 226 Transfer complete. |
| Nov 20, 2024 10:18:29.010457039 CET | 49995 | 21 | 192.168.2.5 | 93.89.225.40 | PASV |
| Nov 20, 2024 10:18:29.424500942 CET | 49995 | 21 | 192.168.2.5 | 93.89.225.40 | PASV |
| Nov 20, 2024 10:18:29.893198013 CET | 21 | 49995 | 93.89.225.40 | 192.168.2.5 | 227 Entering Passive Mode (93,89,225,40,215,28). |
| Nov 20, 2024 10:18:29.899780989 CET | 49995 | 21 | 192.168.2.5 | 93.89.225.40 | STOR SC_user-609290_2025_03_02_23_45_38.jpeg |
| Nov 20, 2024 10:18:30.127130032 CET | 21 | 49995 | 93.89.225.40 | 192.168.2.5 | 150 Opening BINARY mode data connection. |
| Nov 20, 2024 10:18:30.902210951 CET | 21 | 49995 | 93.89.225.40 | 192.168.2.5 | 226 Transfer complete. |
| Nov 20, 2024 10:18:34.762484074 CET | 49995 | 21 | 192.168.2.5 | 93.89.225.40 | PASV |
| Nov 20, 2024 10:18:34.994328976 CET | 21 | 49995 | 93.89.225.40 | 192.168.2.5 | 227 Entering Passive Mode (93,89,225,40,215,29). |
| Nov 20, 2024 10:18:35.002804995 CET | 49995 | 21 | 192.168.2.5 | 93.89.225.40 | STOR SC_user-609290_2025_03_07_16_02_47.jpeg |
| Nov 20, 2024 10:18:35.232273102 CET | 21 | 49995 | 93.89.225.40 | 192.168.2.5 | 150 Opening BINARY mode data connection. |
| Nov 20, 2024 10:18:36.050920963 CET | 21 | 49995 | 93.89.225.40 | 192.168.2.5 | 226 Transfer complete. |
| Nov 20, 2024 10:19:09.884000063 CET | 49995 | 21 | 192.168.2.5 | 93.89.225.40 | PASV |
| Nov 20, 2024 10:19:10.112118959 CET | 21 | 49995 | 93.89.225.40 | 192.168.2.5 | 227 Entering Passive Mode (93,89,225,40,215,56). |
| Nov 20, 2024 10:19:10.118788004 CET | 49995 | 21 | 192.168.2.5 | 93.89.225.40 | STOR SC_user-609290_2024_11_20_04_19_08.jpeg |
| Nov 20, 2024 10:19:10.351357937 CET | 21 | 49995 | 93.89.225.40 | 192.168.2.5 | 150 Opening BINARY mode data connection. |
| Nov 20, 2024 10:19:11.114491940 CET | 21 | 49995 | 93.89.225.40 | 192.168.2.5 | 226 Transfer complete. |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 04:15:01 |
| Start date: | 20/11/2024 |
| Path: | C:\Users\user\Desktop\order and drawings_pdf.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x620000 |
| File size: | 1'075'200 bytes |
| MD5 hash: | 4726039E5F4D03F6F3F9CC0CD8D423A1 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | low |
| Has exited: | true |
| Target ID: | 2 |
| Start time: | 04:15:02 |
| Start date: | 20/11/2024 |
| Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x1f0000 |
| File size: | 45'984 bytes |
| MD5 hash: | 9D352BC46709F0CB5EC974633A0C3C94 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | high |
| Has exited: | false |
Execution Graph
| Execution Coverage: | 4.2% |
| Dynamic/Decrypted Code Coverage: | 1.3% |
| Signature Coverage: | 6.9% |
| Total number of Nodes: | 2000 |
| Total number of Limit Nodes: | 63 |
Graph
Control-flow Graph
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00623D19 Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 151windowCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0063DDC0 Relevance: 10.7, APIs: 7, Instructions: 175COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00633B70 Relevance: 5.9, Strings: 4, Instructions: 903COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00666CA9 Relevance: 4.5, APIs: 3, Instructions: 25fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00633200 Relevance: 2.2, Strings: 1, Instructions: 986COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0062E8D0 Relevance: 49.8, APIs: 24, Strings: 4, Instructions: 816windowsleeptimeCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00655C78 Relevance: 47.9, APIs: 26, Strings: 1, Instructions: 626fileCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00623F53 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 53windowregistryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0066BFA4 Relevance: 18.3, APIs: 12, Instructions: 316fileCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00623742 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 151windowtimeregistryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00623E6E Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 66windowregistryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00CAB520 Relevance: 10.7, APIs: 7, Instructions: 239fileCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 006249FB Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 73registryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00CAB300 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 140fileCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 006251AF Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 88windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0063D298 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 58registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0066C396 Relevance: 6.2, APIs: 4, Instructions: 154COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0067F8AE Relevance: 4.9, APIs: 3, Instructions: 385COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00624FFC Relevance: 4.6, APIs: 3, Instructions: 77windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0064395C Relevance: 4.6, APIs: 3, Instructions: 59memoryCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0066BB64 Relevance: 4.5, APIs: 3, Instructions: 22COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00622322 Relevance: 3.9, APIs: 3, Instructions: 159COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00680828 Relevance: 3.2, APIs: 2, Instructions: 232COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00623A0F Relevance: 3.1, APIs: 2, Instructions: 59COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0063F4EA Relevance: 3.0, APIs: 2, Instructions: 43COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00642957 Relevance: 1.6, APIs: 1, Instructions: 135COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0063ED18 Relevance: 1.6, APIs: 1, Instructions: 94memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0068040F Relevance: 1.6, APIs: 1, Instructions: 93COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00699A75 Relevance: 1.6, APIs: 1, Instructions: 88COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 006241A9 Relevance: 1.6, APIs: 1, Instructions: 63libraryCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00699B45 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 006239DB Relevance: 1.5, APIs: 1, Instructions: 41COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00642AAE Relevance: 1.5, APIs: 1, Instructions: 35COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00624252 Relevance: 1.5, APIs: 1, Instructions: 28COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 006240A7 Relevance: 1.5, APIs: 1, Instructions: 23COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0066BCF4 Relevance: 1.5, APIs: 1, Instructions: 22COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00CAB1EC Relevance: 1.3, APIs: 1, Instructions: 21sleepCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00CAB1F0 Relevance: 1.3, APIs: 1, Instructions: 18sleepCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0068F7FF Relevance: 74.1, APIs: 40, Strings: 2, Instructions: 630windowkeyboardCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0068AACE Relevance: 60.1, APIs: 33, Strings: 1, Instructions: 574windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0063EB42 Relevance: 43.9, APIs: 24, Strings: 1, Instructions: 130keyboardthreadwindowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 006660DD Relevance: 31.7, APIs: 17, Strings: 1, Instructions: 174filestringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0066F5FA Relevance: 28.3, APIs: 13, Strings: 3, Instructions: 278timefileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00671B2F Relevance: 28.1, APIs: 15, Strings: 1, Instructions: 118fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00671C8A Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 111fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0067091D Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 185timeCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00626F07 Relevance: 20.9, Strings: 16, Instructions: 883COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 006663F9 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 89fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00676D07 Relevance: 15.1, APIs: 10, Instructions: 83clipboardmemoryCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 006679D3 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 58shutdownCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00678C4F Relevance: 9.1, APIs: 6, Instructions: 83networkCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00666532 Relevance: 9.1, APIs: 6, Instructions: 71processCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00629B60 Relevance: 8.6, Strings: 6, Instructions: 1055COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 006613CA Relevance: 8.1, APIs: 1, Strings: 4, Instructions: 560stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0066EB60 Relevance: 7.6, APIs: 5, Instructions: 125fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00688111 Relevance: 7.6, APIs: 5, Instructions: 69windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0063E01E Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 15libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0063B11F Relevance: 4.9, APIs: 3, Instructions: 377COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0066E1FD Relevance: 4.6, APIs: 3, Instructions: 72COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0065B134 Relevance: 4.6, APIs: 3, Instructions: 67COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00666606 Relevance: 4.6, APIs: 3, Instructions: 58fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 006671FA Relevance: 4.5, APIs: 3, Instructions: 42memoryCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0066F56F Relevance: 3.1, APIs: 2, Instructions: 52fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0066CE7A Relevance: 3.0, APIs: 2, Instructions: 30windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0065AB84 Relevance: 3.0, APIs: 2, Instructions: 22COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0064D1B9 Relevance: 2.1, APIs: 1, Instructions: 645COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 006296C0 Relevance: 2.1, APIs: 1, Instructions: 573COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0065038E Relevance: 1.8, APIs: 1, Instructions: 294COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0066B6CC Relevance: 1.6, APIs: 1, Instructions: 71COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 006674E7 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0065B106 Relevance: 1.5, APIs: 1, Instructions: 18COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0069B340 Relevance: 1.5, APIs: 1, Instructions: 7COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00648189 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0062E3B0 Relevance: .5, Instructions: 540COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 006293F0 Relevance: .5, Instructions: 531COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0062AF50 Relevance: .5, Instructions: 514COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 006402A4 Relevance: .3, Instructions: 345COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 006406D9 Relevance: .3, Instructions: 341COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0063FA57 Relevance: .3, Instructions: 323COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0067A2A9 Relevance: 77.5, APIs: 40, Strings: 4, Instructions: 490filecommemoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0068D285 Relevance: 49.8, APIs: 33, Instructions: 260COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0063B8FD Relevance: 49.5, APIs: 27, Strings: 1, Instructions: 491windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0068C6E9 Relevance: 42.4, APIs: 23, Strings: 1, Instructions: 447windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0068B6C4 Relevance: 38.9, APIs: 21, Strings: 1, Instructions: 400windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0068764F Relevance: 37.0, APIs: 18, Strings: 3, Instructions: 290windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0063A856 Relevance: 33.5, APIs: 18, Strings: 1, Instructions: 285windowtimeCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00683639 Relevance: 26.7, APIs: 9, Strings: 6, Instructions: 477registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00686BC9 Relevance: 26.5, APIs: 2, Strings: 13, Instructions: 281windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0065CF50 Relevance: 26.5, APIs: 14, Strings: 1, Instructions: 273windowtimeCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 006779B0 Relevance: 25.6, APIs: 17, Instructions: 109COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0068CE58 Relevance: 24.7, APIs: 12, Strings: 2, Instructions: 205windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0068F351 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 178windowfileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0066AAF8 Relevance: 23.1, APIs: 11, Strings: 2, Instructions: 374timeCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0068716A Relevance: 23.0, APIs: 2, Strings: 11, Instructions: 244windowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0068E4F5 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 199windowlibraryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 006626BC Relevance: 22.9, APIs: 8, Strings: 5, Instructions: 137windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0066D0B8 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 101fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0068EEEB Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 229windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0065A14D Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 127registryshareCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 006667E9 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 107windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 006625B5 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 74windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0066778F Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 72sleepwindowtimeCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 006702EE Relevance: 18.3, APIs: 12, Instructions: 282comCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0065ED02 Relevance: 18.2, APIs: 12, Instructions: 174COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0063B73E Relevance: 18.2, APIs: 12, Instructions: 170timeCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0063B40A Relevance: 18.1, APIs: 12, Instructions: 131COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0066690B Relevance: 18.1, APIs: 12, Instructions: 113COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0068A1B6 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 101windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00666F02 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 72networkCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0064500E Relevance: 16.8, APIs: 11, Instructions: 257COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0067ADAE Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 197comCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00678107 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 163networkfileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0065B907 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 81windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0065B9F0 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 80windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0065BAD7 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 71windowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0067B2A9 Relevance: 15.3, APIs: 10, Instructions: 324fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0064ACB3 Relevance: 15.2, APIs: 10, Instructions: 219COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0063CB8D Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 185windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0068ECD4 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 149windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 006745C4 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 133networkCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0067B644 Relevance: 13.9, APIs: 9, Instructions: 432COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0068B33A Relevance: 13.7, APIs: 9, Instructions: 167COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0063EA69 Relevance: 13.6, APIs: 9, Instructions: 135COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00689A75 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 142windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00665819 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 81windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0066A729 Relevance: 12.3, APIs: 8, Instructions: 317COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00666B49 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 46windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00688ECC Relevance: 12.1, APIs: 8, Instructions: 95windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0063AE78 Relevance: 10.7, APIs: 7, Instructions: 218COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00688FC8 Relevance: 10.6, APIs: 7, Instructions: 99windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 006608AF Relevance: 10.6, APIs: 7, Instructions: 94memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00660986 Relevance: 10.6, APIs: 7, Instructions: 89memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0068A2C8 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0063CCCD Relevance: 9.3, APIs: 6, Instructions: 253COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 006884DE Relevance: 9.2, APIs: 6, Instructions: 152windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00664AC2 Relevance: 9.1, APIs: 6, Instructions: 136windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0063ABF5 Relevance: 9.1, APIs: 6, Instructions: 113COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0068E397 Relevance: 9.1, APIs: 6, Instructions: 108windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 006698BA Relevance: 9.1, APIs: 6, Instructions: 100fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00679B45 Relevance: 9.1, APIs: 6, Instructions: 99COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0065AF64 Relevance: 9.1, APIs: 6, Instructions: 73processCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0068EBF6 Relevance: 9.0, APIs: 6, Instructions: 49COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0065E19B Relevance: 9.0, APIs: 6, Instructions: 48COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00647B47 Relevance: 9.0, APIs: 6, Instructions: 45threadCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00669AD5 Relevance: 9.0, APIs: 6, Instructions: 44COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00669A20 Relevance: 9.0, APIs: 6, Instructions: 33synchronizationthreadCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00665347 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 180windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00660213 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 120comlibraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00665007 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 114windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0065B80A Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 93windowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 006743E2 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 85networkCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 006890E2 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 80windowlibraryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00669568 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 78filepipeCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00669634 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 78filepipeCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0065C9E0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 67windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00647A94 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 41COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0068E32E Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 40processCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00681945 Relevance: 7.7, APIs: 5, Instructions: 232COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0068E062 Relevance: 7.7, APIs: 5, Instructions: 187windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0068CCF7 Relevance: 7.6, APIs: 5, Instructions: 129COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00671206 Relevance: 7.6, APIs: 5, Instructions: 127COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0065DBBF Relevance: 7.6, APIs: 5, Instructions: 87windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0065BC77 Relevance: 7.6, APIs: 5, Instructions: 82windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00666318 Relevance: 7.6, APIs: 5, Instructions: 80COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00678B95 Relevance: 7.6, APIs: 5, Instructions: 71networkCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00678420 Relevance: 7.6, APIs: 5, Instructions: 69COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0063AF83 Relevance: 7.6, APIs: 5, Instructions: 67COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0064217F Relevance: 7.6, APIs: 5, Instructions: 61threadCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0065ABBB Relevance: 7.5, APIs: 5, Instructions: 48memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00667A58 Relevance: 7.5, APIs: 5, Instructions: 47sleepCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00659ABF Relevance: 7.5, APIs: 5, Instructions: 47stringCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0065AA62 Relevance: 7.5, APIs: 5, Instructions: 45memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0065AAC3 Relevance: 7.5, APIs: 5, Instructions: 45memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0063B0AB Relevance: 7.5, APIs: 5, Instructions: 29COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0065C189 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 121windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00675180 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 96networkCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0068A0D6 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 89windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0068A88A Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 88windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 006899A5 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0068A409 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 66windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00642287 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 24libraryloaderCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0064235C Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 19libraryloaderCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00682205 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 15libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 006242F6 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 15libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0062434B Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 15libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00660564 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 15libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00660539 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 15libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0067ECC8 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 15libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0067BADD Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 15libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00683BDB Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 15libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00659B30 Relevance: 6.3, APIs: 4, Instructions: 306COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0067AA84 Relevance: 6.3, APIs: 4, Instructions: 268COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 006591CC Relevance: 6.2, APIs: 4, Instructions: 201memoryCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0068C4D7 Relevance: 6.1, APIs: 4, Instructions: 137COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0065C410 Relevance: 6.1, APIs: 4, Instructions: 130windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0066E698 Relevance: 6.1, APIs: 4, Instructions: 110fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0068B544 Relevance: 6.1, APIs: 4, Instructions: 108COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0068D7DE Relevance: 6.1, APIs: 4, Instructions: 105windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00687CA5 Relevance: 6.1, APIs: 4, Instructions: 93COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0068F1D7 Relevance: 6.1, APIs: 4, Instructions: 80windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0067431C Relevance: 6.1, APIs: 4, Instructions: 78networkCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00678A7F Relevance: 6.1, APIs: 4, Instructions: 69networkCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00688A37 Relevance: 6.1, APIs: 4, Instructions: 69COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00660AA6 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 68stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00666713 Relevance: 6.1, APIs: 4, Instructions: 64fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0065B1CC Relevance: 6.1, APIs: 4, Instructions: 63memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0065B478 Relevance: 6.1, APIs: 4, Instructions: 58windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0063B55D Relevance: 6.1, APIs: 4, Instructions: 56COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0066732B Relevance: 6.1, APIs: 4, Instructions: 55synchronizationthreadwindowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0063D17C Relevance: 6.1, APIs: 4, Instructions: 53windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0068EA6A Relevance: 6.0, APIs: 4, Instructions: 31COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0065B0CD Relevance: 6.0, APIs: 4, Instructions: 23threadCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0063B47D Relevance: 6.0, APIs: 4, Instructions: 22COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0069B29A Relevance: 6.0, APIs: 4, Instructions: 20COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0069B2AE Relevance: 6.0, APIs: 4, Instructions: 19COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0063BCC9 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 143sleepCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0068A76A Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 96windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00665157 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 87windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 006893CF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00689617 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 64windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00665262 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 62windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00674D9F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 61networkCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0064A70C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 59COMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0067A82C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 52networkCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0065B781 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 51windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0065B67D Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 49windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0065B700 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 48windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0065A631 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 22windowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 006886CC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00688698 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|