Windows
Analysis Report
file.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- file.exe (PID: 3384 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 75CDC74BEFD8C953EE2C022BD8366633)
  - cmd.exe (PID: 3236 cmdline: C:\Windows\system32\cmd.exe /c ping -n 2 127.0.0.1 > nul && del C:\Users\user\Desktop\file.exe > nul MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
  - conhost.exe (PID: 3352 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - PING.EXE (PID: 3180 cmdline: ping -n 2 127.0.0.1 MD5: B3624DD758CCECF93A1226CEF252CA12)
- Gwogw.exe (PID: 616 cmdline: C:\Windows\SysWOW64\Gwogw.exe -auto MD5: 75CDC74BEFD8C953EE2C022BD8366633)
  - Gwogw.exe (PID: 1484 cmdline: C:\Windows\SysWOW64\Gwogw.exe -acsi MD5: 75CDC74BEFD8C953EE2C022BD8366633)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
MimiKatz | Varonis summarizes Mimikatz as an open-source application that allows users to view and save authentication credentials like Kerberos tickets. Benjamin Delpy continues to lead Mimikatz developments, so the toolset works with the current release of Windows and includes the most up-to-date attacks. Attackers commonly use Mimikatz to steal credentials and escalate privileges: in most cases, endpoint protection software and anti-virus systems will detect and delete it. Conversely, pentesters use Mimikatz to detect and exploit vulnerabilities in your networks so you can fix them. |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
INDICATOR_TOOL_RTK_HiddenRootKit | Detects the Hidden public rootkit | ditekSHen |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Mimikatz_1 | Yara detected Mimikatz | Joe Security |
Windows_Trojan_Gh0st_ee6de6bc | Identifies a variant of Gh0st Rat | unknown |
JoeSecurity_Mimikatz_1 | Yara detected Mimikatz | Joe Security |
Windows_Trojan_Gh0st_ee6de6bc | Identifies a variant of Gh0st Rat | unknown |
JoeSecurity_Mimikatz_1 | Yara detected Mimikatz | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
INDICATOR_TOOL_RTK_HiddenRootKit | Detects the Hidden public rootkit | ditekSHen |
INDICATOR_TOOL_RTK_HiddenRootKit | Detects the Hidden public rootkit | ditekSHen |
INDICATOR_TOOL_RTK_HiddenRootKit | Detects the Hidden public rootkit | ditekSHen |
INDICATOR_TOOL_RTK_HiddenRootKit | Detects the Hidden public rootkit | ditekSHen |
JoeSecurity_Mimikatz_1 | Yara detected Mimikatz | Joe Security |
AV Detection |
---|
Networking |
---|
Key, Mouse, Clipboard, Microphone and Screen Capturing |
---|
E-Banking Fraud |
---|
System Summary |
---|
Persistence and Installation Behavior |
---|
Boot Survival |
---|
Hooking and other Techniques for Hiding and Protection |
---|
Malware Analysis System Evasion |
---|
Source: | Code function: | 0_2_1001A4A0 | |
Source: | Code function: | 2_2_1001A4A0 |
Source: | Evasive API call chain: | graph_0-61921 | ||
Source: | Evasive API call chain: |
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Code function: | 0_2_10015B90 | |
Source: | Code function: | 2_2_10015B90 |
Source: | Window / User API: | Jump to behavior |
Source: | Dropped PE file which has not been started: | Jump to dropped file |
Source: | Evasive API call chain: | graph_0-62035 |
Source: | API coverage: | ||
Source: | API coverage: |
Source: | Code function: | 0_2_1001A4A0 | |
Source: | Code function: | 2_2_1001A4A0 |
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | Last function: | ||
Source: | Last function: |
Source: | File Volume queried: | Jump to behavior | ||
Source: | Code function: | 0_2_00442010 | |
Source: | Code function: | 0_2_004420D0 | |
Source: | Code function: | 0_2_0045F330 | |
Source: | Code function: | 0_2_004415A0 | |
Source: | Code function: | 0_2_00441770 | |
Source: | Code function: | 0_2_00441C90 | |
Source: | Code function: | 0_2_100090A0 | |
Source: | Code function: | 0_2_10026300 | |
Source: | Code function: | 0_2_10008570 | |
Source: | Code function: | 0_2_10008740 | |
Source: | Code function: | 0_2_10008C60 | |
Source: | Code function: | 0_2_10008FE0 | |
Source: | Code function: | 2_2_00442010 | |
Source: | Code function: | 2_2_004420D0 | |
Source: | Code function: | 2_2_0045F330 | |
Source: | Code function: | 2_2_004415A0 | |
Source: | Code function: | 2_2_00441770 | |
Source: | Code function: | 2_2_00441C90 | |
Source: | Code function: | 2_2_100090A0 | |
Source: | Code function: | 2_2_10026300 | |
Source: | Code function: | 2_2_10008570 | |
Source: | Code function: | 2_2_10008740 | |
Source: | Code function: | 2_2_10008C60 | |
Source: | Code function: | 2_2_10008FE0 |
Source: | Code function: | 0_2_00441370 |
Source: | Code function: | 0_2_00450110 |
Source: | Thread delayed: | Jump to behavior |
Source: | API call chain: | graph_0-62114 | ||
Source: | API call chain: |
Source: | Process information queried: | Jump to behavior |
Source: | Code function: | 0_2_0044D2CA |
Source: | Code function: | 0_2_0043A030 |
Source: | Code function: | 0_2_00490600 |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Code function: | 0_2_1000C680 | |
Source: | Code function: | 0_2_1000C680 | |
Source: | Code function: | 2_2_1000C680 | |
Source: | Code function: | 2_2_1000C680 |
Source: | Code function: | 0_2_1000CDD0 | |
Source: | Code function: | 2_2_1000CDD0 |
Source: | Code function: | 0_2_0044D680 |
Source: | Code function: | 0_2_10014650 |
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Code function: | 0_2_00454960 |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Code function: | 0_2_00477190 |
Source: | Code function: | 0_2_0043B370 |
Source: | Code function: | 0_2_00452620 |
Source: | Code function: | 0_2_00452090 |
Lowering of HIPS / PFW / Operating System Security Settings |
---|
Source: | Code function: | 0_2_10022310 |
Source: | Binary or memory string: | ||
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Remote Access Functionality |
---|
Source: | File source: | ||
Source: | Code function: | 0_2_004580F0 | |
Source: | Code function: | 0_2_004584A0 | |
Source: | Code function: | 0_2_1001F0C0 | |
Source: | Code function: | 0_2_1001F470 | |
Source: | Code function: | 2_2_004580F0 | |
Source: | Code function: | 2_2_004584A0 | |
Source: | Code function: | 2_2_1001F0C0 | |
Source: | Code function: | 2_2_1001F470 |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | 1 Valid Accounts | 12 Native API | 2 LSASS Driver | 2 LSASS Driver | 11 Disable or Modify Tools | 111 Input Capture | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
Credentials | Domains | 1 Replication Through Removable Media | 12 Service Execution | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 11 Peripheral Device Discovery | Remote Desktop Protocol | 111 Input Capture | 1 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | 1 Create Account | 1 Valid Accounts | 31 Obfuscated Files or Information | Security Account Manager | 1 Account Discovery | SMB/Windows Admin Shares | 3 Clipboard Data | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | 1 Valid Accounts | 11 Access Token Manipulation | 11 Software Packing | NTDS | 1 System Service Discovery | Distributed Component Object Model | Input Capture | 1 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | 132 Windows Service | 132 Windows Service | 1 DLL Side-Loading | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | 1 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | 1 Bootkit | 23 Process Injection | 1 File Deletion | Cached Domain Credentials | 16 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 13 Masquerading | DCSync | 1 Network Share Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Valid Accounts | Proc Filesystem | 23 Security Software Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 11 Virtualization/Sandbox Evasion | /etc/passwd and /etc/shadow | 11 Virtualization/Sandbox Evasion | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 11 Access Token Manipulation | Network Sniffing | 13 Process Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | 23 Process Injection | Input Capture | 11 Application Window Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption |
Gather Victim Org Information | DNS Server | Compromise Software Supply Chain | Windows Command Shell | Scheduled Task | Scheduled Task | 1 Bootkit | Keylogging | 1 System Owner/User Discovery | Taint Shared Content | Screen Capture | DNS | Exfiltration Over Physical Medium | Resource Hijacking |
Determine Physical Locations | Virtual Private Server | Compromise Hardware Supply Chain | Unix Shell | Systemd Timers | Systemd Timers | 1 Indicator Removal | GUI Input Capture | 1 Remote System Discovery | Replication Through Removable Media | Email Collection | Proxy | Exfiltration over USB | Network Denial of Service |
Business Relationships | Server | Trusted Relationship | Visual Basic | Container Orchestration Job | Container Orchestration Job | Fileless Storage | Web Portal Capture | 1 System Network Configuration Discovery | Component Object Model and Distributed COM | Local Email Collection | Internal Proxy | Commonly Used Port | Direct Network Flood |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
87% | ReversingLabs | Win32.Trojan.Strictor | ||
100% | Avira | HEUR/AGEN.1346547 | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira | RKIT/Agent.pwihj | ||
100% | Avira | HEUR/AGEN.1346547 | ||
100% | Joe Sandbox ML | |||
87% | ReversingLabs | Win32.Trojan.Strictor | ||
79% | ReversingLabs | Win64.Backdoor.Farfli |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
facai7777777.ydns.eu | 202.181.25.108 | true | false | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
202.181.25.108 | facai7777777.ydns.eu | Hong Kong | 55933 | CLOUDIE-AS-APCloudieLimitedHK | false |
IP |
---|
127.0.0.1 |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1568681 |
Start date and time: | 2024-12-04 20:18:13 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 9m 7s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of newly started processes analysed: | 9 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | file.exe |
Detection: | MAL |
Classification: | mal100.bank.troj.spyw.evad.winEXE@9/4@1/2 |
Cookbook Comments: |
- Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
- Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed; the report is missing behavior information
- Report size exceeded maximum capacity and may have missing disassembly code.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- VT rate limit hit for: file.exe
Time | Type | Description |
---|---|---|
14:19:02 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
202.181.25.108 | Get hash | malicious | Unknown | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
CLOUDIE-AS-APCloudieLimitedHK | Get hash | malicious | Unknown | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai, Moobot | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Mirai, Gafgyt, Okiru | Browse |
Get hash | malicious | Mirai, Gafgyt, Okiru | Browse |
Get hash | malicious | Mirai, Okiru | Browse |
Get hash | malicious | Mirai, Gafgyt, Okiru | Browse |
Get hash | malicious | Mirai, Gafgyt, Okiru | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
C:\Windows\System32\drivers\QAssist.sys | Get hash | malicious | Mimikatz, RunningRAT | Browse | ||
Get hash | malicious | GhostRat, Mimikatz | Browse | |||
Get hash | malicious | GhostRat, Mimikatz | Browse | |||
Get hash | malicious | GhostRat, Mimikatz | Browse | |||
Get hash | malicious | GhostRat, Mimikatz | Browse | |||
Get hash | malicious | GhostRat, Mimikatz | Browse | |||
Get hash | malicious | Gh0stCringe, GhostRat, Mimikatz, RunningRAT, XRed | Browse | |||
Get hash | malicious | GhostRat, Mimikatz | Browse | |||
Get hash | malicious | GhostRat, Mimikatz | Browse | |||
Get hash | malicious | Gh0stCringe, GhostRat, Mimikatz, RunningRAT | Browse |
Process: | C:\Users\user\Desktop\file.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 626176 |
Entropy (8bit): | 7.957146812929295 |
Encrypted: | false |
SSDEEP: | 12288:nFpuzZSkcBNrl5mTEUkDaSdJfpSaoNRVBUyMCe8VMM80B7qrI3iK1XBwZQ:nFmShDrngEUkDaiJfpSaoNRpMCe8CM8T |
MD5: | 75CDC74BEFD8C953EE2C022BD8366633 |
SHA1: | 141BE71C0BEB41AD6E955C0721429BD978F2332B |
SHA-256: | FDA844B16B91A38417AF25D13BD0992C3344DE12EBCD0283732A3E0A6E91811D |
SHA-512: | 057F241E0215C481ACB436F6D88E7CBC6EB7B509A6FB63BFF993E39F0B64291FDDFF8867FD81A1115AC9B7FFE402CF45D4092DE34435A997A4CCD3431FEFDCCC |
Malicious: | true |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\file.exe |
File Type: | |
Category: | modified |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:ggPYV:rPYV |
MD5: | 187F488E27DB4AF347237FE461A079AD |
SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
Malicious: | true |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Windows\SysWOW64\Gwogw.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 77896 |
Entropy (8bit): | 6.14724588578885 |
Encrypted: | false |
SSDEEP: | 1536:svHIPCv5eT9OrLPC5VwHrhpTrkt5Ad53vE1qXn9Jm6Y:svHIPmn/rHrhpTrkt52E1qXpY |
MD5: | 4E34C068E764AD0FF0CB58BC4F143197 |
SHA1: | 1A392A469FC8C65D80055C1A7AAEE27BF5EBE7C4 |
SHA-256: | 6CCE28B275D5EC20992BB13790976CAF434AB46DDBFD5CFD431D33424943122B |
SHA-512: | DCEA6D76452B1AC9E3C1FED7463FE873B4DD4603EC67A4E204C27BA2C1EA79415508C3044223626F0AE499A9B7A3D6FB283F0978B5E20A58E959C9440376E98B |
Malicious: | true |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Windows\SysWOW64\PING.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 331 |
Entropy (8bit): | 4.92149009030101 |
Encrypted: | false |
SSDEEP: | 6:PzLSLzMRfmWxHLThx2LThx0sW26VY7FwAFeMmvVOIHJFxMVlmJHaVFEG1vv:PKMRJpTeT0sBSAFSkIrxMVlmJHaVzvv |
MD5: | 2E512EE24AAB186D09E9A1F9B72A0569 |
SHA1: | C5BA2E0C0338FFEE13ED1FB6DA0CC9C000824B0B |
SHA-256: | DB41050CA723A06D95B73FFBE40B32DE941F5EE474F129B2B33E91C67B72674F |
SHA-512: | 6B4487A088155E34FE5C642E1C3D46F63CB2DDD9E4092809CE6F3BEEFDEF0D1F8AA67F8E733EDE70B07F467ED5BB6F07104EEA4C1E7AC7E1A502A772F56F7DE9 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.957146812929295 |
File name: | file.exe |
File size: | 626'176 bytes |
MD5: | 75cdc74befd8c953ee2c022bd8366633 |
SHA1: | 141be71c0beb41ad6e955c0721429bd978f2332b |
SHA256: | fda844b16b91a38417af25d13bd0992c3344de12ebcd0283732a3e0a6e91811d |
SHA512: | 057f241e0215c481acb436f6d88e7cbc6eb7b509a6fb63bff993e39f0b64291fddff8867fd81a1115ac9b7ffe402cf45d4092de34435a997a4ccd3431fefdccc |
SSDEEP: | 12288:nFpuzZSkcBNrl5mTEUkDaSdJfpSaoNRVBUyMCe8VMM80B7qrI3iK1XBwZQ:nFmShDrngEUkDaiJfpSaoNRpMCe8CM8T |
TLSH: | F6D423BEAA8C52A7D48EC87CD21608D3951781192E9BC3ECDE79426F6FB853C191F443 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........,..;M.R;M.R;M.R@Q.R:M.R.B.R3M.RTR.R:M.R.Q.R8M.RTR.R0M.RTR.R?M.R.k.R9M.R;M.R.L.R.k.R8M.R=n.R?M.R=n.RmM.R.R.R0M.R.K.R:M.RRich;M. |
Icon Hash: | 27129289d1d3c6e6 |
Entrypoint: | 0x5825c0 |
Entrypoint Section: | UPX1 |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
DLL Characteristics: | |
Time Stamp: | 0x623EBFC3 [Sat Mar 26 07:24:51 2022 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 42eb1dc2f01a922b7f152420aa351e96 |
Instruction |
---|
pushad |
mov esi, 004EB000h |
lea edi, dword ptr [esi-000EA000h] |
push edi |
jmp 00007FD17D10EF0Dh |
nop |
mov al, byte ptr [esi] |
inc esi |
mov byte ptr [edi], al |
inc edi |
add ebx, ebx |
jne 00007FD17D10EF09h |
mov ebx, dword ptr [esi] |
sub esi, FFFFFFFCh |
adc ebx, ebx |
jc 00007FD17D10EEEFh |
mov eax, 00000001h |
add ebx, ebx |
jne 00007FD17D10EF09h |
mov ebx, dword ptr [esi] |
sub esi, FFFFFFFCh |
adc ebx, ebx |
adc eax, eax |
add ebx, ebx |
jnc 00007FD17D10EF0Dh |
jne 00007FD17D10EF2Ah |
mov ebx, dword ptr [esi] |
sub esi, FFFFFFFCh |
adc ebx, ebx |
jc 00007FD17D10EF21h |
dec eax |
add ebx, ebx |
jne 00007FD17D10EF09h |
mov ebx, dword ptr [esi] |
sub esi, FFFFFFFCh |
adc ebx, ebx |
adc eax, eax |
jmp 00007FD17D10EED6h |
add ebx, ebx |
jne 00007FD17D10EF09h |
mov ebx, dword ptr [esi] |
sub esi, FFFFFFFCh |
adc ebx, ebx |
adc ecx, ecx |
jmp 00007FD17D10EF54h |
xor ecx, ecx |
sub eax, 03h |
jc 00007FD17D10EF13h |
shl eax, 08h |
mov al, byte ptr [esi] |
inc esi |
xor eax, FFFFFFFFh |
je 00007FD17D10EF77h |
sar eax, 1 |
mov ebp, eax |
jmp 00007FD17D10EF0Dh |
add ebx, ebx |
jne 00007FD17D10EF09h |
mov ebx, dword ptr [esi] |
sub esi, FFFFFFFCh |
adc ebx, ebx |
jc 00007FD17D10EECEh |
inc ecx |
add ebx, ebx |
jne 00007FD17D10EF09h |
mov ebx, dword ptr [esi] |
sub esi, FFFFFFFCh |
adc ebx, ebx |
jc 00007FD17D10EEC0h |
add ebx, ebx |
jne 00007FD17D10EF09h |
mov ebx, dword ptr [esi] |
sub esi, FFFFFFFCh |
adc ebx, ebx |
adc ecx, ecx |
add ebx, ebx |
jnc 00007FD17D10EEF1h |
jne 00007FD17D10EF0Bh |
mov ebx, dword ptr [esi] |
sub esi, FFFFFFFCh |
adc ebx, ebx |
jnc 00007FD17D10EEE6h |
add ecx, 02h |
cmp ebp, FFFFFB00h |
adc ecx, 02h |
lea edx, dword ptr [edi+ebp] |
cmp ebp, FFFFFFFCh |
jbe 00007FD17D10EF10h |
mov al, byte ptr [edx] |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x183ee4 | 0x1ac | .rsrc |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x183000 | 0xee4 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
UPX0 | 0x1000 | 0xea000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
UPX1 | 0xeb000 | 0x98000 | 0x97800 | 0f28105def1625a3d10b7f8f01f260e8 | False | 0.9942340913778878 | data | 7.96283139695918 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x183000 | 0x2000 | 0x1200 | 0e2d88410d9d825fc36e309e840d4aaa | False | 0.4622395833333333 | data | 4.428871923345829 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0x183314 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1152 | Chinese | China | 0.5762635379061372 |
RT_ICON | 0x17dbd0 | 0x2e8 | data | Chinese | China | 1.0147849462365592 |
RT_ICON | 0x17ded0 | 0x2e8 | data | Chinese | China | 1.0147849462365592 |
RT_ICON | 0x17e1d0 | 0x8a8 | data | Chinese | China | 1.0049638989169676 |
RT_DIALOG | 0x17ea90 | 0xee | data | Chinese | China | 1.046218487394958 |
RT_DIALOG | 0x17eb80 | 0x6d4 | data | Chinese | China | 1.0062929061784898 |
RT_STRING | 0x17f5f0 | 0x4c | PGP Secret Sub-key - | Chinese | China | 1.144736842105263 |
RT_GROUP_ICON | 0x183bc0 | 0x14 | data | Chinese | China | 1.15 |
RT_GROUP_ICON | 0x17deb8 | 0x14 | data | Chinese | China | 1.4 |
RT_GROUP_ICON | 0x17e1b8 | 0x14 | data | Chinese | China | 1.45 |
RT_GROUP_ICON | 0x17ea78 | 0x14 | data | Chinese | China | 1.4 |
RT_VERSION | 0x183bd8 | 0x30c | data | Chinese | China | 0.4782051282051282 |
None | 0x17f568 | 0x82 | COM executable for DOS | Chinese | China | 1.0846153846153845 |
DLL | Import |
---|---|
COMCTL32.dll | ImageList_Draw |
GDI32.dll | Arc |
KERNEL32.DLL | LoadLibraryA, ExitProcess, GetProcAddress, VirtualProtect |
MFC42.DLL | |
MSVCP60.dll | ??0_Lockit@std@@QAE@XZ |
MSVCRT.dll | sin |
USER32.dll | GetDC |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
Chinese | China |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Dec 4, 2024 20:19:35.603669882 CET | 8089 | 49762 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:19:35.603815079 CET | 49762 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:19:35.923120975 CET | 49762 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:19:36.043219090 CET | 8089 | 49762 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:19:36.441037893 CET | 49762 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:19:36.565172911 CET | 8089 | 49762 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:19:37.060710907 CET | 49762 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:19:37.180648088 CET | 8089 | 49762 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:19:37.701386929 CET | 49762 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:19:37.821078062 CET | 8089 | 49762 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:19:38.326493979 CET | 49762 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:19:38.435064077 CET | 49762 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:19:38.449495077 CET | 8089 | 49762 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:19:38.449726105 CET | 49762 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:19:41.451699972 CET | 49763 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:19:41.571477890 CET | 8089 | 49763 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:19:41.571594954 CET | 49763 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:19:41.909609079 CET | 49763 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:19:42.030320883 CET | 8089 | 49763 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:19:42.425304890 CET | 49763 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:19:42.545583010 CET | 8089 | 49763 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:19:43.048088074 CET | 49763 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:19:43.168082952 CET | 8089 | 49763 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:19:43.671051979 CET | 49763 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:19:43.790780067 CET | 8089 | 49763 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:19:44.300136089 CET | 49763 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:19:44.403763056 CET | 49763 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:19:44.544162989 CET | 8089 | 49763 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:19:44.544255018 CET | 49763 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:19:47.420593977 CET | 49764 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:19:47.540380955 CET | 8089 | 49764 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:19:47.540504932 CET | 49764 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:19:47.834217072 CET | 49764 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:19:47.954020023 CET | 8089 | 49764 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:19:48.346229076 CET | 49764 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:19:48.469902992 CET | 8089 | 49764 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:19:48.967123985 CET | 49764 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:19:49.087197065 CET | 8089 | 49764 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:19:49.592521906 CET | 49764 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:19:49.716439962 CET | 8089 | 49764 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:19:50.313869953 CET | 49764 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:19:50.419667006 CET | 49764 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:19:50.433729887 CET | 8089 | 49764 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:19:50.433782101 CET | 49764 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:19:53.438826084 CET | 49766 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:19:53.558722019 CET | 8089 | 49766 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:19:53.559087992 CET | 49766 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:19:53.921849012 CET | 49766 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:19:54.041692972 CET | 8089 | 49766 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:19:54.440918922 CET | 49766 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:19:54.561094046 CET | 8089 | 49766 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:19:55.061943054 CET | 49766 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:19:55.181791067 CET | 8089 | 49766 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:19:55.686659098 CET | 49766 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:19:55.807368994 CET | 8089 | 49766 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:19:56.311906099 CET | 49766 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:19:56.419640064 CET | 49766 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:19:56.432460070 CET | 8089 | 49766 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:19:56.432586908 CET | 49766 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:19:59.436021090 CET | 49767 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:19:59.558456898 CET | 8089 | 49767 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:19:59.558590889 CET | 49767 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:19:59.827169895 CET | 49767 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:19:59.946985960 CET | 8089 | 49767 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:20:00.346463919 CET | 49767 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:00.466289997 CET | 8089 | 49767 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:20:00.967155933 CET | 49767 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:01.086884975 CET | 8089 | 49767 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:20:01.604072094 CET | 49767 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:01.724330902 CET | 8089 | 49767 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:20:02.250021935 CET | 49767 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:02.356981993 CET | 49767 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:02.369853020 CET | 8089 | 49767 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:20:02.369906902 CET | 49767 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:05.373622894 CET | 49770 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:05.493745089 CET | 8089 | 49770 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:20:05.494039059 CET | 49770 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:05.781699896 CET | 49770 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:05.901555061 CET | 8089 | 49770 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:20:06.299824953 CET | 49770 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:06.419641972 CET | 8089 | 49770 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:20:06.921343088 CET | 49770 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:07.041161060 CET | 8089 | 49770 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:20:07.546550035 CET | 49770 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:07.666269064 CET | 8089 | 49770 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:20:08.171153069 CET | 49770 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:08.283617020 CET | 49770 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:08.291521072 CET | 8089 | 49770 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:20:08.291676998 CET | 49770 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:11.295723915 CET | 49772 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:11.416320086 CET | 8089 | 49772 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:20:11.416400909 CET | 49772 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:11.712658882 CET | 49772 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:11.835577965 CET | 8089 | 49772 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:20:12.223611116 CET | 49772 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:12.346390009 CET | 8089 | 49772 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:20:12.843210936 CET | 49772 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:12.965641975 CET | 8089 | 49772 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:20:13.468452930 CET | 49772 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:13.591696978 CET | 8089 | 49772 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:20:14.093286037 CET | 49772 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:14.200618982 CET | 49772 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:14.214148045 CET | 8089 | 49772 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:20:14.214200020 CET | 49772 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:17.217536926 CET | 49773 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:17.341085911 CET | 8089 | 49773 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:20:17.341223001 CET | 49773 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:18.023974895 CET | 49773 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:18.143838882 CET | 8089 | 49773 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:20:18.537432909 CET | 49773 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:18.662210941 CET | 8089 | 49773 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:20:19.155879021 CET | 49773 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:19.275748014 CET | 8089 | 49773 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:20:19.780968904 CET | 49773 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:19.904098034 CET | 8089 | 49773 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:20:20.406359911 CET | 49773 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:20.513184071 CET | 49773 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:20.528354883 CET | 8089 | 49773 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:20:20.528398037 CET | 49773 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:23.530241013 CET | 49774 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:23.650907040 CET | 8089 | 49774 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:20:23.651056051 CET | 49774 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:24.464143991 CET | 49774 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:24.584172964 CET | 8089 | 49774 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:20:24.975872993 CET | 49774 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:25.095818996 CET | 8089 | 49774 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:20:25.609085083 CET | 49774 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:25.729127884 CET | 8089 | 49774 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:20:26.237166882 CET | 49774 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:26.363862038 CET | 8089 | 49774 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:20:26.859405041 CET | 49774 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:26.967422962 CET | 49774 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:26.979511023 CET | 8089 | 49774 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:20:26.979561090 CET | 49774 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:29.983510017 CET | 49775 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:30.582252979 CET | 8089 | 49775 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:20:30.583244085 CET | 49775 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:31.576848984 CET | 49775 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:31.696599960 CET | 8089 | 49775 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:20:32.175223112 CET | 49775 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:32.295319080 CET | 8089 | 49775 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:20:32.797585011 CET | 49775 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:32.917788982 CET | 8089 | 49775 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:20:33.421885967 CET | 49775 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:33.546308994 CET | 8089 | 49775 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:20:34.103148937 CET | 49775 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:34.258594990 CET | 8089 | 49775 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:20:34.387346029 CET | 49775 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:37.436691999 CET | 49777 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:37.556539059 CET | 8089 | 49777 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:20:37.557233095 CET | 49777 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:38.128777981 CET | 49777 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:38.335611105 CET | 8089 | 49777 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:20:38.651349068 CET | 49777 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:38.771955013 CET | 8089 | 49777 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:20:39.339246988 CET | 49777 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:39.459214926 CET | 8089 | 49777 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:20:39.969022036 CET | 49777 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:40.088879108 CET | 8089 | 49777 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:20:40.593858004 CET | 49777 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:40.700783014 CET | 49777 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:40.713691950 CET | 8089 | 49777 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:20:40.713758945 CET | 49777 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:43.717408895 CET | 49778 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:43.837316990 CET | 8089 | 49778 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:20:43.841262102 CET | 49778 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:44.346143007 CET | 49778 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:44.466116905 CET | 8089 | 49778 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:20:45.062167883 CET | 49778 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:45.182707071 CET | 8089 | 49778 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:20:45.689260960 CET | 49778 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:45.849900007 CET | 8089 | 49778 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:20:46.311662912 CET | 49778 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:46.431349039 CET | 8089 | 49778 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:20:46.940579891 CET | 49778 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:47.044359922 CET | 49778 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:47.061295986 CET | 8089 | 49778 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:20:47.061410904 CET | 49778 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:50.070307016 CET | 49779 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:50.190273046 CET | 8089 | 49779 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:20:50.190349102 CET | 49779 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:51.213186026 CET | 49779 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:51.334666014 CET | 8089 | 49779 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:20:51.725595951 CET | 49779 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:51.845463991 CET | 8089 | 49779 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:20:52.359329939 CET | 49779 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:52.479145050 CET | 8089 | 49779 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:20:52.984507084 CET | 49779 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:53.104295969 CET | 8089 | 49779 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:20:53.609540939 CET | 49779 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:53.716361046 CET | 49779 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:54.002368927 CET | 8089 | 49779 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:20:54.002509117 CET | 49779 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:56.733655930 CET | 49780 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:56.879199028 CET | 8089 | 49780 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:20:56.879487991 CET | 49780 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:57.392983913 CET | 49780 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:57.518660069 CET | 8089 | 49780 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:20:57.915579081 CET | 49780 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:58.035871029 CET | 8089 | 49780 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:20:58.547044992 CET | 49780 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:58.668596029 CET | 8089 | 49780 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:20:59.172646046 CET | 49780 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:59.292453051 CET | 8089 | 49780 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:20:59.797111034 CET | 49780 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:59.903850079 CET | 49780 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:20:59.917247057 CET | 8089 | 49780 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:20:59.917303085 CET | 49780 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:02.921061039 CET | 49781 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:03.117491961 CET | 8089 | 49781 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:21:03.117650986 CET | 49781 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:04.234544039 CET | 49781 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:04.354527950 CET | 8089 | 49781 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:21:04.755858898 CET | 49781 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:04.876142025 CET | 8089 | 49781 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:21:05.375215054 CET | 49781 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:05.497977972 CET | 8089 | 49781 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:21:06.009023905 CET | 49781 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:06.130914927 CET | 8089 | 49781 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:21:06.671886921 CET | 49781 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:06.779011011 CET | 49781 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:06.792414904 CET | 8089 | 49781 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:21:06.793312073 CET | 49781 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:09.795978069 CET | 49783 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:09.916836977 CET | 8089 | 49783 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:21:09.917217970 CET | 49783 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:10.473161936 CET | 49783 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:10.922734976 CET | 8089 | 49783 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:21:10.989643097 CET | 49783 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:11.110393047 CET | 8089 | 49783 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:21:11.609451056 CET | 49783 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:11.732362986 CET | 8089 | 49783 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:21:12.234425068 CET | 49783 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:12.355345011 CET | 8089 | 49783 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:21:12.859543085 CET | 49783 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:12.966269016 CET | 49783 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:12.979360104 CET | 8089 | 49783 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:21:12.983396053 CET | 49783 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:15.983393908 CET | 49784 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:16.103897095 CET | 8089 | 49784 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:21:16.104038954 CET | 49784 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:16.680566072 CET | 49784 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:16.800324917 CET | 8089 | 49784 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:21:17.204401016 CET | 49784 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:17.328511953 CET | 8089 | 49784 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:21:17.860107899 CET | 49784 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:17.983967066 CET | 8089 | 49784 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:21:18.498615026 CET | 49784 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:18.618447065 CET | 8089 | 49784 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:21:19.123986959 CET | 49784 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:19.231965065 CET | 49784 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:19.243815899 CET | 8089 | 49784 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:21:19.243892908 CET | 49784 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:22.257528067 CET | 49785 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:22.377640963 CET | 8089 | 49785 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:21:22.377723932 CET | 49785 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:22.923748016 CET | 49785 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:23.044244051 CET | 8089 | 49785 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:21:23.442753077 CET | 49785 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:23.562921047 CET | 8089 | 49785 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:21:24.061197042 CET | 49785 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:24.181669950 CET | 8089 | 49785 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:21:24.686244011 CET | 49785 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:24.806488991 CET | 8089 | 49785 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:21:25.310931921 CET | 49785 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:25.419621944 CET | 49785 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:25.433260918 CET | 8089 | 49785 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:21:25.435339928 CET | 49785 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:28.436629057 CET | 49786 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:28.556507111 CET | 8089 | 49786 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:21:28.556607962 CET | 49786 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:28.812254906 CET | 49786 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:28.932965994 CET | 8089 | 49786 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:21:29.326370955 CET | 49786 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:29.446283102 CET | 8089 | 49786 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:21:29.950994015 CET | 49786 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:30.072838068 CET | 8089 | 49786 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:21:30.576174021 CET | 49786 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:30.696291924 CET | 8089 | 49786 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:21:31.201155901 CET | 49786 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:31.310220003 CET | 49786 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:31.326663971 CET | 8089 | 49786 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:21:31.326734066 CET | 49786 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:34.327438116 CET | 49787 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:34.448060989 CET | 8089 | 49787 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:21:34.448354006 CET | 49787 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:34.763828993 CET | 49787 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:34.885230064 CET | 8089 | 49787 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:21:35.279153109 CET | 49787 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:35.398973942 CET | 8089 | 49787 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:21:35.904407024 CET | 49787 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:36.040661097 CET | 8089 | 49787 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:21:36.529151917 CET | 49787 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:36.649061918 CET | 8089 | 49787 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:21:37.154048920 CET | 49787 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:37.263482094 CET | 49787 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:37.274063110 CET | 8089 | 49787 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:21:37.276892900 CET | 49787 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:40.279716969 CET | 49788 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:40.399564981 CET | 8089 | 49788 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:21:40.401238918 CET | 49788 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:40.672379017 CET | 49788 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:40.792438984 CET | 8089 | 49788 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:21:41.185364008 CET | 49788 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:41.306711912 CET | 8089 | 49788 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:21:41.810429096 CET | 49788 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:42.065982103 CET | 8089 | 49788 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:21:42.435343027 CET | 49788 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:42.629527092 CET | 8089 | 49788 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:21:43.099622011 CET | 49788 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:43.201093912 CET | 49788 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:43.219322920 CET | 8089 | 49788 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:21:43.219393969 CET | 49788 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:46.217521906 CET | 49790 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:46.338085890 CET | 8089 | 49790 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:21:46.338167906 CET | 49790 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:46.592561960 CET | 49790 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:46.713417053 CET | 8089 | 49790 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:21:47.363374949 CET | 49790 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:47.483483076 CET | 8089 | 49790 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:21:47.982362986 CET | 49790 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:48.102312088 CET | 8089 | 49790 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:21:48.607562065 CET | 49790 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:48.728712082 CET | 8089 | 49790 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:21:49.232975960 CET | 49790 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:49.342279911 CET | 49790 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:49.358640909 CET | 8089 | 49790 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:21:49.358779907 CET | 49790 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:52.358144045 CET | 49791 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:52.479222059 CET | 8089 | 49791 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:21:52.479448080 CET | 49791 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:52.924607038 CET | 49791 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:53.045581102 CET | 8089 | 49791 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:21:53.435646057 CET | 49791 | 8089 | 192.168.2.6 | 202.181.25.108 |
Dec 4, 2024 20:21:53.555422068 CET | 8089 | 49791 | 202.181.25.108 | 192.168.2.6 |
Dec 4, 2024 20:21:54.060307980 CET | 49791 | 8089 | 192.168.2.6 | 202.181.25.108 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Dec 4, 2024 20:19:03.477992058 CET | 52862 | 53 | 192.168.2.6 | 1.1.1.1 |
Dec 4, 2024 20:19:03.708614111 CET | 53 | 52862 | 1.1.1.1 | 192.168.2.6 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Dec 4, 2024 20:19:03.477992058 CET | 192.168.2.6 | 1.1.1.1 | 0x2b36 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Dec 4, 2024 20:19:03.708614111 CET | 1.1.1.1 | 192.168.2.6 | 0x2b36 | No error (0) | 202.181.25.108 | A (IP address) | IN (0x0001) | false |
Target ID: | 0 |
Start time: | 14:19:01 |
Start date: | 04/12/2024 |
Path: | C:\Users\user\Desktop\file.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 626'176 bytes |
MD5 hash: | 75CDC74BEFD8C953EE2C022BD8366633 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 2 |
Start time: | 14:19:01 |
Start date: | 04/12/2024 |
Path: | C:\Windows\SysWOW64\Gwogw.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 626'176 bytes |
MD5 hash: | 75CDC74BEFD8C953EE2C022BD8366633 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Antivirus matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 3 |
Start time: | 14:19:02 |
Start date: | 04/12/2024 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1c0000 |
File size: | 236'544 bytes |
MD5 hash: | D0FCE3AFA6AA1D58CE9FA336CC2B675B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 14:19:02 |
Start date: | 04/12/2024 |
Path: | C:\Windows\SysWOW64\Gwogw.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 626'176 bytes |
MD5 hash: | 75CDC74BEFD8C953EE2C022BD8366633 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 5 |
Start time: | 14:19:02 |
Start date: | 04/12/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff66e660000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 6 |
Start time: | 14:19:02 |
Start date: | 04/12/2024 |
Path: | C:\Windows\SysWOW64\PING.EXE |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x140000 |
File size: | 18'944 bytes |
MD5 hash: | B3624DD758CCECF93A1226CEF252CA12 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Execution Graph
Execution Coverage: | 0.8% |
Dynamic/Decrypted Code Coverage: | 59.9% |
Signature Coverage: | 0% |
Total number of Nodes: | 274 |
Total number of Limit Nodes: | 15 |
Graph
Function 1001B930 Relevance: 415.5, APIs: 40, Strings: 197, Instructions: 755 (string, service, sleep, COMMON)
Function 1001C850 Relevance: 229.7, APIs: 8, Strings: 123, Instructions: 460 (sleep, file, COMMON)
Function 1001B3D0 Relevance: 136.8, APIs: 13, Strings: 65, Instructions: 311 (thread, COMMON)
Function 00413FB7 Relevance: 72.3, APIs: 17, Strings: 24, Instructions: 525 (string, COMMON)
Function 1001ADE0 Relevance: 52.6, APIs: 3, Strings: 27, Instructions: 125 (time, COMMON)
Function 10012640 Relevance: 40.4, APIs: 9, Strings: 14, Instructions: 159 (registry, library, loader, COMMON)
Function 0042E5E6 Relevance: 16.6, APIs: 11, Instructions: 111 (COMMON)
Function 1001C800 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 32 (service, COMMON)
Function 00402200 Relevance: 9.1, APIs: 4, Strings: 2, Instructions: 89 (memory, COMMON)
Function 0040266E Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 61 (library, loader, COMMON)
Function 00401E20 Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 44 (memory, COMMON)
Function 00402540 Relevance: 4.6, APIs: 3, Instructions: 64 (library, COMMON)
Function 004024BC Relevance: 3.0, APIs: 2, Instructions: 22 (memory, COMMON)
Function 100127F4 Relevance: 3.0, APIs: 2, Instructions: 8 (registry, COMMON)
Function 00401F78 Relevance: 2.5, APIs: 2, Instructions: 16 (memory, COMMON)
Function 0040212B Relevance: 1.3, APIs: 1, Instructions: 17 (COMMON)
Function 1000AE30 Relevance: 222.7, APIs: 23, Strings: 104, Instructions: 490 (string, sleep, COMMON)
Function 100099F0 Relevance: 211.1, APIs: 110, Strings: 10, Instructions: 1130 (memory, library, loader, COMMON)
Function 100240A0 Relevance: 147.5, APIs: 33, Strings: 51, Instructions: 538 (registry, service, COMMON)
Function 10015B90 Relevance: 79.1, APIs: 44, Strings: 1, Instructions: 386 (string, memory, service, COMMON)
Function 10001140 Relevance: 68.4, APIs: 22, Strings: 17, Instructions: 161 (library, loader, COMMON)
Function 1000C680 Relevance: 61.5, APIs: 30, Strings: 5, Instructions: 212 (sleep, window, COMMON)
Function 100170E0 Relevance: 52.8, APIs: 17, Strings: 13, Instructions: 261 (string, COMMON)
Function 1001A4A0 Relevance: 45.8, APIs: 21, Strings: 5, Instructions: 263 (sleep, synchronization, string, COMMON)
Function 10008C60 Relevance: 38.7, APIs: 10, Strings: 12, Instructions: 186 (file, string, COMMON)
Function 10026300 Relevance: 35.2, APIs: 15, Strings: 5, Instructions: 187 (string, file, memory, COMMON)
Function 10014650 Relevance: 30.0, APIs: 16, Strings: 1, Instructions: 222 (keyboard, COMMON)
Function 10008740 Relevance: 29.9, APIs: 10, Strings: 7, Instructions: 119 (file, string, COMMON)
Function 10020E60 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 193 (string, memory, COMMON)
Function 1000AAD0 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 149 (keyboard, sleep, string, COMMON)
Function 1000C570 Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 82 (file, sleep, shutdown, COMMON)
Function 10008570 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 139 (file, memory, string, COMMON)
Function 10013720 Relevance: 18.4, APIs: 12, Instructions: 410 (COMMON)
Function 1007B9A0 Relevance: 17.3, Strings: 13, Instructions: 1084 (COMMON)
Function 1000CDD0 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 61 (process, COMMON)
Function 1001F470 Relevance: 15.1, APIs: 10, Instructions: 77 (network, sleep, thread, COMMON)
Function 10022310 Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 42 (service, COMMON)
Function 100174F0 Relevance: 10.5, APIs: 7, Instructions: 47 (COMMON)
Function 10024920 Relevance: 9.0, APIs: 6, Instructions: 46 (COMMON)
Function 1001F0C0 Relevance: 6.1, APIs: 4, Instructions: 55 (network, COMMON)
Function 10074E70 Relevance: 5.6, Strings: 4, Instructions: 629 (COMMON)
Function 10002DC0 Relevance: 4.7, Strings: 3, Instructions: 934 (COMMON)
Function 1000C4C0 Relevance: 4.5, APIs: 3, Instructions: 32 (COMMON)
Function 1000E010 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 13 (shutdown, COMMON)
Function 100904D0 Relevance: 3.3, Strings: 2, Instructions: 786 (COMMON)
Function 1007FC50 Relevance: 2.3, APIs: 1, Instructions: 1021 (COMMON)
Function 10092470 Relevance: 2.2, Strings: 1, Instructions: 914 (COMMON)
Function 1007D990 Relevance: 2.2, Strings: 1, Instructions: 902 (COMMON)
Function 10091900 Relevance: 2.1, Strings: 1, Instructions: 899 (COMMON)
Function 1008DA20 Relevance: 2.0, Strings: 1, Instructions: 782 (COMMON)
Function 1007C7B0 Relevance: 2.0, APIs: 1, Instructions: 486 (COMMON)
Function 10093080 Relevance: 1.8, Strings: 1, Instructions: 580 (COMMON)
Function 1007CF30 Relevance: 1.7, Strings: 1, Instructions: 468 (COMMON)
Function 1008FE30 Relevance: 1.7, Strings: 1, Instructions: 403 (COMMON)
Function 10053740 Relevance: .8, Instructions: 850 (COMMON)
Function 100334E0 Relevance: .7, Instructions: 684 (COMMON)
Function 1007EC10 Relevance: .5, Instructions: 533 (COMMON)
Function 1008F4D0 Relevance: .5, Instructions: 517 (COMMON)
Function 100399F8 Relevance: .5, Instructions: 463 (COMMON)
Function 10032AC0 Relevance: .5, Instructions: 457 (COMMON)
Function 10037260 Relevance: .4, Instructions: 446 (COMMON)
Function 10037AE0 Relevance: .4, Instructions: 442 (COMMON)
Function 10080CC0 Relevance: .4, Instructions: 422 (COMMON)
Function 10076CD0 Relevance: .4, Instructions: 385 (COMMON)
Function 10056580 Relevance: .4, Instructions: 379 (COMMON)
Function 1002BFA0 Relevance: .4, Instructions: 361 (COMMON)
Function 10039B70 Relevance: .3, Instructions: 309 (COMMON)
Function 1007A430 Relevance: .3, Instructions: 309 (COMMON)
Function 10056B00 Relevance: .3, Instructions: 297 (COMMON)
Function 100368E0 Relevance: .3, Instructions: 292 (COMMON)
Function 10030D67 Relevance: .3, Instructions: 284 (COMMON)
Function 10039B50 Relevance: .3, Instructions: 269 (COMMON)
Function 10055490 Relevance: .3, Instructions: 256 (COMMON)
Function 1008F1A0 Relevance: .3, Instructions: 255 (COMMON)
Function 1007A180 Relevance: .2, Instructions: 243 (COMMON)
Function 10057190 Relevance: .2, Instructions: 220 (COMMON)
Function 10021810 Relevance: 315.5, APIs: 3, Strings: 207, Instructions: 466sleepCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10018790 Relevance: 301.4, APIs: 11, Strings: 161, Instructions: 425librarysleeploaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10005440 Relevance: 206.9, APIs: 24, Strings: 94, Instructions: 409libraryloaderstringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10025B10 Relevance: 203.5, APIs: 29, Strings: 87, Instructions: 464registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10019060 Relevance: 184.1, APIs: 34, Strings: 71, Instructions: 373servicesleepCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10004BB0 Relevance: 180.5, APIs: 15, Strings: 88, Instructions: 259libraryloaderstringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1001AA00 Relevance: 136.7, APIs: 11, Strings: 67, Instructions: 239sleepsynchronizationCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 100181E0 Relevance: 129.2, APIs: 4, Strings: 82, Instructions: 220sleepCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1000DB60 Relevance: 128.1, APIs: 37, Strings: 36, Instructions: 366servicefilesleepCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 10020590 Relevance: 114.1, APIs: 19, Strings: 46, Instructions: 328stringmemoryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 1001A170 Relevance: 103.5, APIs: 6, Strings: 53, Instructions: 211stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 100223C0 Relevance: 96.4, APIs: 1, Strings: 54, Instructions: 109processCOMMON
Function 10011520 Relevance: 91.5, APIs: 38, Strings: 14, Instructions: 462networkstringfileCOMMON
Function 1000C280 Relevance: 85.9, APIs: 9, Strings: 40, Instructions: 163libraryloaderCOMMON
Function 1001D5F0 Relevance: 84.3, APIs: 24, Strings: 24, Instructions: 274libraryloadersleepCOMMON
Function 10010E90 Relevance: 80.8, APIs: 36, Strings: 10, Instructions: 338networkstringfileCOMMON
Function 1000D5E0 Relevance: 79.0, APIs: 12, Strings: 33, Instructions: 205libraryloaderfileCOMMON
Function 10007AD0 Relevance: 75.5, APIs: 1, Strings: 42, Instructions: 234fileCOMMON
Function 1001DB00 Relevance: 70.3, APIs: 34, Strings: 6, Instructions: 314librarysleepfileCOMMON
Function 10011240 Relevance: 66.8, APIs: 31, Strings: 7, Instructions: 271networkCOMMON
Function 10027850 Relevance: 64.9, APIs: 12, Strings: 25, Instructions: 154libraryloaderCOMMON
Function 100120C0 Relevance: 61.6, APIs: 22, Strings: 13, Instructions: 400registrystringlibraryCOMMON
Function 1000D8A0 Relevance: 61.5, APIs: 32, Strings: 3, Instructions: 243servicesleepprocessCOMMON
Function 10001700 Relevance: 59.6, APIs: 12, Strings: 22, Instructions: 127libraryloaderCOMMON
Function 10026680 Relevance: 47.5, APIs: 26, Strings: 1, Instructions: 273stringmemorycomCOMMON
Function 1001D1B0 Relevance: 44.1, APIs: 11, Strings: 14, Instructions: 314libraryloaderCOMMON
Function 1001F180 Relevance: 42.2, APIs: 23, Strings: 1, Instructions: 249networksynchronizationthreadCOMMON
Function 100015A0 Relevance: 40.4, APIs: 14, Strings: 9, Instructions: 132libraryloaderCOMMON
Function 10002340 Relevance: 38.7, APIs: 21, Strings: 1, Instructions: 183windowCOMMON
Function 100210D0 Relevance: 38.6, APIs: 5, Strings: 17, Instructions: 92registrystringCOMMON
Function 10016170 Relevance: 36.9, APIs: 3, Strings: 18, Instructions: 131registryCOMMON
Function 10004A80 Relevance: 36.9, APIs: 8, Strings: 13, Instructions: 110libraryloaderCOMMON
Function 10018690 Relevance: 36.8, APIs: 2, Strings: 19, Instructions: 68sleepCOMMON
Function 10010190 Relevance: 35.2, APIs: 12, Strings: 8, Instructions: 200libraryloaderCOMMON
Function 10027D90 Relevance: 35.1, APIs: 11, Strings: 9, Instructions: 94libraryloaderCOMMON
Function 10007600 Relevance: 33.4, APIs: 17, Strings: 2, Instructions: 156windowCOMMON
Function 10001310 Relevance: 33.3, APIs: 4, Strings: 15, Instructions: 85libraryloaderCOMMON
Function 10006830 Relevance: 31.7, APIs: 17, Strings: 1, Instructions: 188stringmemoryfileCOMMON
Function 1000EA80 Relevance: 31.7, APIs: 21, Instructions: 151COMMON
Function 10005010 Relevance: 31.6, APIs: 7, Strings: 11, Instructions: 105libraryloaderCOMMON
Function 100212F0 Relevance: 31.6, APIs: 5, Strings: 13, Instructions: 99registryCOMMON
Function 10009590 Relevance: 29.9, APIs: 16, Strings: 1, Instructions: 116stringsleepfileCOMMON
Function 1001D960 Relevance: 29.8, APIs: 10, Strings: 7, Instructions: 83libraryloaderCOMMON
Function 10016460 Relevance: 28.0, APIs: 2, Strings: 14, Instructions: 49libraryloaderCOMMON
Function 10008340 Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 161stringCOMMON
Function 10024DB0 Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 100filememoryCOMMON
Function 10010010 Relevance: 24.6, APIs: 9, Strings: 5, Instructions: 114libraryloadersleepCOMMON
Function 100051B0 Relevance: 24.6, APIs: 3, Strings: 11, Instructions: 93libraryloaderCOMMON
Function 10001000 Relevance: 24.6, APIs: 6, Strings: 8, Instructions: 91libraryloaderCOMMON
Function 10022B00 Relevance: 24.6, APIs: 9, Strings: 5, Instructions: 65sleepstringCOMMON
Function 1000CA80 Relevance: 22.8, APIs: 11, Strings: 2, Instructions: 84sleepfileCOMMON
Function 10017580 Relevance: 22.8, APIs: 11, Strings: 2, Instructions: 78serviceCOMMON
Function 10005AF0 Relevance: 22.8, APIs: 9, Strings: 4, Instructions: 74libraryloaderCOMMON
Function 10027430 Relevance: 22.8, APIs: 2, Strings: 11, Instructions: 74libraryloaderCOMMON
Function 10005BB0 Relevance: 22.8, APIs: 15, Instructions: 318COMMON
Function 10027670 Relevance: 22.8, APIs: 8, Strings: 5, Instructions: 64libraryloaderthreadCOMMON
Function 10057480 Relevance: 22.8, APIs: 9, Strings: 4, Instructions: 63libraryloaderCOMMON
Function 10006AC0 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 153filememoryCOMMON
Function 10002590 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 104windowtimeCOMMON
Function 1000A8A0 Relevance: 19.3, APIs: 9, Strings: 2, Instructions: 97filestringCOMMON
Function 10014120 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 73registryCOMMON
Function 100226B0 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 69stringmemorylibraryCOMMON
Function 10027530 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 54libraryloaderthreadCOMMON
Function 100215B0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 107sleepregistryCOMMON
Function 100014B0 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 97libraryloaderCOMMON
Function 10015A00 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 60servicesleepCOMMON
Function 10027720 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 58libraryloaderCOMMON
Function 1001DA60 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 56libraryloaderCOMMON
Function 1000ECD0 Relevance: 16.6, APIs: 11, Instructions: 85COMMON
Function 1000E160 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 104fileCOMMON
Function 10015910 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 80servicesleepCOMMON
Function 10024EE0 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 70fileCOMMON
Function 10015AC0 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 68servicesleepCOMMON
Function 10005130 Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 47libraryloaderCOMMON
Function 10014D40 Relevance: 15.1, APIs: 10, Instructions: 80COMMON
Function 1000E980 Relevance: 15.1, APIs: 10, Instructions: 71COMMON
Function 10016860 Relevance: 15.0, APIs: 2, Strings: 8, Instructions: 37stringCOMMON
Function 1000C980 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 80filelibraryCOMMON
Function 100225A0 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 67filestringCOMMON
Function 10024A30 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 56threadprocessinjectionCOMMON
Function 100265B0 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 52registrymemoryCOMMON
Function 100249B0 Relevance: 14.0, APIs: 7, Strings: 1, Instructions: 46threadprocessCOMMON
Function 10015100 Relevance: 13.7, APIs: 9, Instructions: 154COMMON
Function 100256F0 Relevance: 13.6, APIs: 9, Instructions: 79stringmemorywindowCOMMON
Function 10013E90 Relevance: 13.6, APIs: 9, Instructions: 77synchronizationkeyboardCOMMON
Function 1000E8A0 Relevance: 13.6, APIs: 9, Instructions: 59COMMON
Function 1001E8C0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 147networksynchronizationthreadCOMMON
Function 1000FE80 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 54libraryloaderCOMMON
Function 1000ADA0 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 39librarystringloaderCOMMON
Function 1000FFB0 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 30libraryloaderCOMMON
Function 10004460 Relevance: 12.2, APIs: 8, Instructions: 189COMMON
Function 1000F9B0 Relevance: 12.2, APIs: 8, Instructions: 167COMMON
Function 10009810 Relevance: 12.1, APIs: 8, Instructions: 136COMMON
Function 10025860 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 105sleeplibraryloaderCOMMON
Function 100088D0 Relevance: 10.6, APIs: 7, Instructions: 94stringfilememoryCOMMON
Function 10006CA0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88fileCOMMON
Function 1000F010 Relevance: 10.6, APIs: 7, Instructions: 86COMMON
Function 10021210 Relevance: 10.6, APIs: 7, Instructions: 78stringCOMMON
Function 100284B0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 53sleepthreadCOMMON
Function 10022790 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 46filestringCOMMON
Function 100168E0 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 28libraryloaderCOMMON
Function 10020070 Relevance: 10.2, APIs: 8, Instructions: 199sleepCOMMON
Function 10004710 Relevance: 9.1, APIs: 6, Instructions: 141COMMON
Function 100152B0 Relevance: 9.1, APIs: 6, Instructions: 129windowCOMMON
Function 1001FE90 Relevance: 9.1, APIs: 6, Instructions: 114stringCOMMON
Function 100155C0 Relevance: 9.1, APIs: 6, Instructions: 105windowCOMMON
Function 10002860 Relevance: 9.1, APIs: 3, Strings: 3, Instructions: 101stringCOMMON
Function 10007980 Relevance: 9.1, APIs: 6, Instructions: 101COMMON
Function 10008EE0 Relevance: 9.1, APIs: 6, Instructions: 90COMMON
Function 10028370 Relevance: 9.1, APIs: 6, Instructions: 88sleepthreadnetworkCOMMON
Function 10016510 Relevance: 9.1, APIs: 6, Instructions: 72COMMON
Function 100275D0 Relevance: 9.1, APIs: 6, Instructions: 53processCOMMON
Function 10020AD0 Relevance: 9.0, APIs: 3, Strings: 3, Instructions: 49stringCOMMON
Function 1000E280 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 82sleepfileCOMMON
Function 10006520 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 56memoryCOMMON
Function 10016720 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 55stringnetworkCOMMON
Function 100092E0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 34synchronizationCOMMON
Function 1000C520 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 28registryCOMMON
Function 1000E550 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 15librarysleeploaderCOMMON
Function 10006010 Relevance: 7.6, APIs: 6, Instructions: 145COMMON
Function 1001D0B0 Relevance: 7.6, APIs: 5, Instructions: 88COMMON
Function 100065B0 Relevance: 7.6, APIs: 5, Instructions: 88memoryCOMMON
Function 1000F320 Relevance: 7.6, APIs: 5, Instructions: 73COMMON
Function 10003F10 Relevance: 7.6, APIs: 6, Instructions: 73COMMON
Function 1001DEB0 Relevance: 7.6, APIs: 5, Instructions: 56COMMON
Function 10020440 Relevance: 7.6, APIs: 5, Instructions: 52stringCOMMON
Function 100165C0 Relevance: 7.5, APIs: 5, Instructions: 46stringCOMMON
Function 10022BE0 Relevance: 7.5, APIs: 5, Instructions: 31serviceCOMMON
Function 10004690 Relevance: 7.5, APIs: 5, Instructions: 30COMMON
Function 100052E0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 121libraryloaderCOMMON
Function 10001410 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 59libraryloaderCOMMON
Function 10004020 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 46networkCOMMON
Function 10027C70 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 25threadwindowCOMMON
Function 1000E390 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 21libraryloaderCOMMON
Function 1000E3F0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 13libraryloaderCOMMON
Function 100277B0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 8libraryloaderCOMMON
Function 10003210 Relevance: 6.2, APIs: 2, Strings: 2, Instructions: 172stringCOMMON
Function 1000FB90 Relevance: 6.2, APIs: 4, Instructions: 156COMMON
Function 10013590 Relevance: 6.1, APIs: 4, Instructions: 128COMMON
Function 10013320 Relevance: 6.1, APIs: 4, Instructions: 101COMMON
Function 10001D50 Relevance: 6.1, APIs: 4, Instructions: 73memoryCOMMON
Function 10001E20 Relevance: 6.1, APIs: 4, Instructions: 73COMMON
Function 10020BC0 Relevance: 6.1, APIs: 4, Instructions: 52sleepCOMMON
Function 10004110 Relevance: 6.0, APIs: 4, Instructions: 47synchronizationnetworkCOMMON
Function 1000F800 Relevance: 6.0, APIs: 4, Instructions: 46COMMON
Function 10022A80 Relevance: 6.0, APIs: 4, Instructions: 46processCOMMON
Function 1000EF60 Relevance: 6.0, APIs: 4, Instructions: 43COMMON
Function 10028240 Relevance: 6.0, APIs: 4, Instructions: 37networkCOMMON
Function 10027A20 Relevance: 6.0, APIs: 4, Instructions: 33stringCOMMON
Function 10001F80 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 40threadCOMMON
Function 10020020 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 25networkCOMMON
Function 10001C80 Relevance: 5.1, APIs: 4, Instructions: 69COMMON
Function 10007ED0 Relevance: 5.1, APIs: 4, Instructions: 64stringCOMMON