Edit tour
Windows
Analysis Report
WizClient.exe
Overview
General Information
| Sample name: | WizClient.exe |
| Analysis ID: | 1652216 |
| MD5: | 51dc79ac2451e7ad8809d28ee07602b4 |
| SHA1: | 37a4efa21c4a98a45b75c8b6037bc8d719cdf45e |
| SHA256: | dcbc3e96c538390d213875789f30feaeec238a512fc32b19e8f2c1216b89ad4c |
| Tags: | exeuser-BastianHein |
| Infos: |  |
 | |
Detection
XWorm
| Score: | 100 |
| Range: | 0 - 100 |
| Confidence: | 100% |
Signatures
Antivirus / Scanner detection for submitted sample
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected XWorm
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
C2 URLs / IPs found in malware configuration
Joe Sandbox ML detected suspicious sample
Sample uses string decryption to hide its real strings
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains long sleeps (>= 3 min)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
Queries the volume information (name, serial number etc) of a device
Uses 32bit PE files
Yara signature match
Classification
- System is w10x64
WizClient.exe (PID: 6276 cmdline: "C:\Users\ user\Deskt op\WizClie nt.exe" MD5: 51DC79AC2451E7AD8809D28EE07602B4) 
WerFault.exe (PID: 5560 cmdline: C:\Windows \system32\ WerFault.e xe -u -p 6 276 -s 228 0 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
- cleanup
| Name | Description | Attribution | Blogpost URLs | Link |
|---|---|---|---|---|
| XWorm | Malware with wide range of capabilities ranging from RAT to ransomware. | No Attribution |
{
"C2 url": [
"127.0.0.1"
],
"Port": 2323,
"Aes key": "<123456789>",
"SPL": "<Xwormmm>",
"Install file": "USB.exe"
}| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_XWorm | Yara detected XWorm | Joe Security | ||
| rat_win_xworm_v3 | Finds XWorm (version XClient, v3) samples based on characteristic strings | Sekoia.io |
| |
| MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen |
|
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_XWorm | Yara detected XWorm | Joe Security | ||
| MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen |
| |
| JoeSecurity_XWorm | Yara detected XWorm | Joe Security |
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_XWorm | Yara detected XWorm | Joe Security | ||
| rat_win_xworm_v3 | Finds XWorm (version XClient, v3) samples based on characteristic strings | Sekoia.io |
| |
| MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen |
|
⊘No Sigma rule has matched
⊘No Suricata rule has matched
- • AV Detection
- • Compliance
- • Networking
- • System Summary
- • Data Obfuscation
- • Hooking and other Techniques for Hiding and Protection
- • Malware Analysis System Evasion
- • Anti Debugging
- • Language, Device and Operating System Detection
- • Lowering of HIPS / PFW / Operating System Security Settings
- • Stealing of Sensitive Information
- • Remote Access Functionality
Click to jump to signature section
Show All Signature Results
AV Detection |   |
|---|
| Source: | Avira: | ||
| Source: | Malware Configuration Extractor: | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | ReversingLabs: | |||
| Source: | Neural Call Log Analysis: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | Static PE information: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Static PE information: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
Networking | |
|---|
| Source: | URLs: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | IP Address: | ||
| Source: | JA3 fingerprint: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
System Summary | |
|---|
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Code function: | 0_2_00007FFB9AA61AF5 | |
| Source: | Process created: | ||
| Source: | Static PE information: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Cryptographic APIs: | ||
| Source: | Cryptographic APIs: | ||
| Source: | Cryptographic APIs: | ||
| Source: | Classification label: | ||
| Source: | Mutant created: | ||
| Source: | Mutant created: | ||
| Source: | Mutant created: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | Static file information: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Virustotal: | ||
| Source: | ReversingLabs: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
Data Obfuscation | |
|---|
| Source: | .Net Code: | ||
| Source: | .Net Code: | ||
| Source: | .Net Code: | ||
| Source: | .Net Code: | ||
| Source: | .Net Code: | ||
| Source: | .Net Code: | ||
| Source: | .Net Code: | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Thread sleep count: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep count: | Jump to behavior | ||
| Source: | Thread sleep count: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | File Volume queried: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Process queried: | Jump to behavior | ||
| Source: | Process queried: | Jump to behavior | ||
| Source: | Process token adjusted: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
Stealing of Sensitive Information | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
Remote Access Functionality | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 1 Disable or Modify Tools | OS Credential Dumping | 21 Security Software Discovery | Remote Services | 11 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 41 Virtualization/Sandbox Evasion | LSASS Memory | 41 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Deobfuscate/Decode Files or Information | NTDS | 13 System Information Discovery | Distributed Component Object Model | Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 2 Software Packing | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 76% | Virustotal | Browse | ||
| 81% | ReversingLabs | ByteCode-MSIL.Trojan.Jalapeno | ||
| 100% | Avira | HEUR/AGEN.1305769 | ||
| 100% | Joe Sandbox ML |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| i.ibb.co | 207.174.26.219 | true | false | high |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| false | high | ||
| false | high |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false | high | |||
| false | high | |||
| false | high | |||
| false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 207.174.26.219 | i.ibb.co | United States | 6079 | RCN-ASUS | false |
| IP |
|---|
| 127.0.0.1 |
| Joe Sandbox version: | 42.0.0 Malachite |
| Analysis ID: | 1652216 |
| Start date and time: | 2025-03-30 18:03:05 +02:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 4m 39s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 15 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | WizClient.exe |
| Detection: | MAL |
| Classification: | mal100.troj.evad.winEXE@2/5@1/2 |
| EGA Information: | Failed |
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis
(whitelisted): MpCmdRun.exe, s ppsvc.exe, WerFault.exe, SIHCl ient.exe, SgrmBroker.exe, conh ost.exe, svchost.exe - Excluded IPs from analysis (wh
itelisted): 20.189.173.22, 4.1 75.87.197, 23.204.23.20, 20.19 0.190.131 - Excluded domains from analysis
(whitelisted): fs.microsoft.c om, slscr.update.microsoft.com , login.live.com, blobcollecto r.events.data.trafficmanager.n et, onedsblobprdwus17.westus.c loudapp.azure.com, ctldl.windo wsupdate.com, umwatson.events. data.microsoft.com, c.pki.goog , fe3cr.delivery.mp.microsoft. com - Execution Graph export aborted
for target WizClient.exe, PID 6276 because it is empty - Not all processes where analyz
ed, report is missing behavior information - Report size getting too big, t
oo many NtQueryValueKey calls found. - Report size getting too big, t
oo many NtReadVirtualMemory ca lls found. - Report size getting too big, t
oo many NtSetInformationFile c alls found.
| Time | Type | Description |
|---|---|---|
| 12:04:10 | API Interceptor | |
| 12:05:53 | API Interceptor |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 207.174.26.219 | Get hash | malicious | XWorm | Browse | ||
| Get hash | malicious | HTMLPhisher | Browse | |||
| Get hash | malicious | HTMLPhisher | Browse | |||
| Get hash | malicious | HTMLPhisher | Browse | |||
| Get hash | malicious | HTMLPhisher | Browse | |||
| Get hash | malicious | HTMLPhisher | Browse | |||
| Get hash | malicious | HTMLPhisher, Invisible JS, Tycoon2FA | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | HTMLPhisher | Browse | |||
| Get hash | malicious | HTMLPhisher | Browse |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| i.ibb.co | Get hash | malicious | XWorm | Browse |
| |
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | HTMLPhisher, Invisible JS, Tycoon2FA | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| RCN-ASUS | Get hash | malicious | XWorm | Browse |
| |
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | HTMLPhisher, Invisible JS, Tycoon2FA | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 3b5074b1b5d032e5620f69f9f700ff0e | Get hash | malicious | XWorm | Browse |
| |
| Get hash | malicious | XWorm | Browse |
| ||
| Get hash | malicious | XWorm | Browse |
| ||
| Get hash | malicious | Amadey, Babadeda, Batch Injector | Browse |
| ||
| Get hash | malicious | Xmrig | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | Braodo | Browse |
|
⊘No context
| Process: | C:\Windows\System32\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 65536 |
| Entropy (8bit): | 1.188254775015482 |
| Encrypted: | false |
| SSDEEP: | 192:3YmEkez0SthpaWz8iyrelhESzuiFVZ24lO8Wjx:PEkpSthpa48iNiSzuiFVY4lO8WV |
| MD5: | 536314B3C9587917722C62FB9F502263 |
| SHA1: | A05D212670F59CBFB087F912F3F96ADE81A29B9C |
| SHA-256: | 3EE31D831063607C87E9247EA8ADD8710C2A9C080BA3C60181D89CB868D6534B |
| SHA-512: | 79B9C461358FE27E3C0CFAB6385C8859A36DC9D8FA864C18FC0DA3A3736557B1D404F5F3DF239B8170AF00B3947A3ED1C79BDDC57E3113464D7E8EC39E9C072A |
| Malicious: | true |
| Reputation: | low |
| Preview: |
| Process: | C:\Windows\System32\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 605220 |
| Entropy (8bit): | 3.218995659726747 |
| Encrypted: | false |
| SSDEEP: | 3072:7YBfHYRQ+mRTsHpQ5iY1CCqdTH/33+vt8QoVmfyBOXpIymdSZevXdiW54vrylgcC:7qvH+A4zWqh/33Qt8hdiYerwsHLE |
| MD5: | FB9B2DFA8EAB144AC1D4FCA4382490D0 |
| SHA1: | BB8CFFEED821B7875A7705C873DA97954836B98E |
| SHA-256: | 48552A3E776CDAB40DEA868D7AA9A25E41CB3FF928EDF35770AD2FD4F55C27F2 |
| SHA-512: | DDF7D272DC7131B01250F015BA20176C1A950DB244C0F23332DF422EBBCAEFE00785B8D593E88C04F9C8C4185945BAA79706E6F0B4DE2320E9CF1759ABA1F416 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Windows\System32\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8906 |
| Entropy (8bit): | 3.697849072179655 |
| Encrypted: | false |
| SSDEEP: | 192:R6l7wVeJxjDqcwa6Y+AxyOipgmfZIBprs89bAb0f57Am:R6lXJ1DqU6YZzipgmfClA4fH |
| MD5: | 9B9B960E1E1C5A37E60CB2DFAEF35249 |
| SHA1: | 9E5D78DA98DB14ACD3AC120D2EAA7103A60D51A1 |
| SHA-256: | C210C3ED0E36B00231A7E03E4DAC41C83C0DE520F74060F6924E796D469219FC |
| SHA-512: | 7BA0582FC7ADB0DA7F3A5A116802CD241EA2C3AFDA53A942E5D01AE723E5F19E1F41F76F8526935B8D4A717F71BFF5434EFB3D238B0748A5E1258C36DBD86956 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Windows\System32\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4781 |
| Entropy (8bit): | 4.452582001296201 |
| Encrypted: | false |
| SSDEEP: | 48:cvIwWl8zsTzJg771I9f8WpW8VYfYm8M4J+BFwyq8vpZhQVeEd:uIjfTNI7Y17VnJLWbhQoEd |
| MD5: | 08589C9772CF511AB9030E976977540E |
| SHA1: | A4431848830122DD559C139904321402C18F3104 |
| SHA-256: | E7E3FB1D5BB85DA6BBD539E423C0D33B660F6AB4901C40ED59E88154CF4EF7A1 |
| SHA-512: | FB74110BADAA0125A6D6EFF3C3C5191C8DBF1A2592B55E972C5FBC49B10DCF7FCFEC424C80C6DAC8D1E5CBAD09E78857FD5776FC38749FCEFC3CCE4D7ED880EF |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Windows\System32\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1835008 |
| Entropy (8bit): | 4.419954234821631 |
| Encrypted: | false |
| SSDEEP: | 6144:jcifpi6ceLPL9skLmb0mgSWSPtaJG8nAgex285i2MMhA20X4WABlUuNT5+7:Yi58gSWIZBk2MM6AFn9o |
| MD5: | 9A3F7C6C59DF1C3BC1B67DA443B5C614 |
| SHA1: | FBB1054C47668376D49399D89D250236D633FE15 |
| SHA-256: | F607E13BBBC985F6A43F437B2508FF337597FB852E41AFC084BD7EF48127EE27 |
| SHA-512: | 25270B039F150A2A6FF644E4A09074EFEC2C34840673D81AEA30EE5B8C839B10BE535A80A90D39CED96550978D42B03C335C53BD7BA088B484CE29D437A1C335 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| File type: | |
| Entropy (8bit): | 5.598583777406854 |
| TrID: |
|
| File name: | WizClient.exe |
| File size: | 31'232 bytes |
| MD5: | 51dc79ac2451e7ad8809d28ee07602b4 |
| SHA1: | 37a4efa21c4a98a45b75c8b6037bc8d719cdf45e |
| SHA256: | dcbc3e96c538390d213875789f30feaeec238a512fc32b19e8f2c1216b89ad4c |
| SHA512: | 6e737cb3b034a4f7979b99614adbd71d9fab76b4397501f165815bcf1646dd763fe7ea9544a3c66a1967ba80598bf2287ee0cd53d6cbeaebd8ad25abdeeeb65a |
| SSDEEP: | 384:N2458Ytf+1mOEUehuzD2LZX01uYTEXXQmRuptFlBLTIOZw/W2Zvn9Ikn1W2kxOq8:9+1mOE1yG6u4QAm0FG9L4nOqhFbg |
| TLSH: | 1AE23B487BA88326D6FE1FF219B3910102749513E913EF9F4CD595EB6B6BAC046013EA |
| File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....O.g.................p............... ........@.. ....................................@................................ |
 | |
| Icon Hash: | 90cececece8e8eb0 |
| Entrypoint: | 0x408fce |
| Entrypoint Section: | .text |
| Digitally signed: | false |
| Imagebase: | 0x400000 |
| Subsystem: | windows gui |
| Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
| DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
| Time Stamp: | 0x67E94F90 [Sun Mar 30 14:05:04 2025 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 4 |
| OS Version Minor: | 0 |
| File Version Major: | 4 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 4 |
| Subsystem Version Minor: | 0 |
| Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
| Instruction |
|---|
| jmp dword ptr [00402000h] |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8f78 | 0x53 | .text |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xa000 | 0x4e0 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xc000 | 0xc | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x2000 | 0x6fd4 | 0x7000 | 6ec5d5c0e42371ad4d5899e55b79bb0e | False | 0.5057896205357143 | data | 5.760275569586321 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rsrc | 0xa000 | 0x4e0 | 0x600 | 235e94540ed2bb03f2399871a29cec24 | False | 0.376953125 | data | 3.7387328467315477 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0xc000 | 0xc | 0x200 | 31ca38b3f46e1c56e0678c2fc19748f8 | False | 0.044921875 | data | 0.08153941234324169 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_VERSION | 0xa0a0 | 0x24c | data | 0.47619047619047616 | ||
| RT_MANIFEST | 0xa2f0 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | 0.5469387755102041 |
| DLL | Import |
|---|---|
| mscoree.dll | _CorExeMain |
| Description | Data |
|---|---|
| Translation | 0x0000 0x04b0 |
| FileDescription | |
| FileVersion | 1.0.0.0 |
| InternalName | WizClient.exe |
| LegalCopyright | |
| OriginalFilename | WizClient.exe |
| ProductVersion | 1.0.0.0 |
| Assembly Version | 1.0.0.0 |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library NodeDownload Network PCAP: filtered – full
- Total Packets: 317
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Mar 30, 2025 18:04:17.673163891 CEST | 49684 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:17.673202991 CEST | 443 | 49684 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:17.673337936 CEST | 49684 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:17.692189932 CEST | 49684 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:17.692220926 CEST | 443 | 49684 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:17.915535927 CEST | 443 | 49684 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:17.915741920 CEST | 49684 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:17.921082020 CEST | 49684 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:17.921097994 CEST | 443 | 49684 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:17.921354055 CEST | 443 | 49684 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:17.974210978 CEST | 49684 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:17.987999916 CEST | 49684 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:18.032272100 CEST | 443 | 49684 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:18.119215012 CEST | 443 | 49684 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:18.119268894 CEST | 443 | 49684 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:18.119395971 CEST | 49684 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:18.179507017 CEST | 49684 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:18.179543972 CEST | 443 | 49684 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:18.184154987 CEST | 49685 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:18.184201956 CEST | 443 | 49685 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:18.184264898 CEST | 49685 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:18.184787035 CEST | 49685 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:18.184801102 CEST | 443 | 49685 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:18.394051075 CEST | 443 | 49685 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:18.397830009 CEST | 49685 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:18.397855043 CEST | 443 | 49685 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:18.601603031 CEST | 443 | 49685 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:18.601665020 CEST | 443 | 49685 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:18.601728916 CEST | 49685 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:18.602255106 CEST | 49685 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:18.602272034 CEST | 443 | 49685 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:20.615942955 CEST | 49687 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:20.615998030 CEST | 443 | 49687 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:20.616117954 CEST | 49687 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:20.616400003 CEST | 49687 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:20.616413116 CEST | 443 | 49687 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:20.822911024 CEST | 443 | 49687 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:20.824234962 CEST | 49687 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:20.824273109 CEST | 443 | 49687 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:21.033524990 CEST | 443 | 49687 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:21.033615112 CEST | 443 | 49687 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:21.033721924 CEST | 49687 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:21.034224987 CEST | 49687 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:21.034241915 CEST | 443 | 49687 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:21.035322905 CEST | 49688 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:21.035370111 CEST | 443 | 49688 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:21.035444975 CEST | 49688 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:21.035706997 CEST | 49688 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:21.035713911 CEST | 443 | 49688 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:21.255697012 CEST | 443 | 49688 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:21.258517027 CEST | 49688 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:21.258548021 CEST | 443 | 49688 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:21.456410885 CEST | 443 | 49688 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:21.456518888 CEST | 443 | 49688 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:21.456602097 CEST | 49688 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:21.457154989 CEST | 49688 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:21.457175970 CEST | 443 | 49688 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:23.460273981 CEST | 49689 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:23.460323095 CEST | 443 | 49689 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:23.460428953 CEST | 49689 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:23.460892916 CEST | 49689 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:23.460906982 CEST | 443 | 49689 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:24.383944035 CEST | 443 | 49689 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:24.385226965 CEST | 49689 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:24.385251999 CEST | 443 | 49689 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:24.590948105 CEST | 443 | 49689 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:24.591008902 CEST | 443 | 49689 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:24.591064930 CEST | 49689 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:24.652394056 CEST | 49689 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:24.652416945 CEST | 443 | 49689 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:24.653264046 CEST | 49690 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:24.653304100 CEST | 443 | 49690 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:24.653389931 CEST | 49690 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:24.653623104 CEST | 49690 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:24.653640985 CEST | 443 | 49690 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:24.871927023 CEST | 443 | 49690 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:24.881068945 CEST | 49690 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:24.881088972 CEST | 443 | 49690 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:25.080022097 CEST | 443 | 49690 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:25.080075979 CEST | 443 | 49690 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:25.080209017 CEST | 49690 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:25.080815077 CEST | 49690 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:25.080837011 CEST | 443 | 49690 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:27.084832907 CEST | 49693 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:27.084871054 CEST | 443 | 49693 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:27.085019112 CEST | 49693 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:27.085342884 CEST | 49693 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:27.085357904 CEST | 443 | 49693 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:27.298055887 CEST | 443 | 49693 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:27.299992085 CEST | 49693 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:27.300015926 CEST | 443 | 49693 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:27.504550934 CEST | 443 | 49693 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:27.504615068 CEST | 443 | 49693 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:27.504743099 CEST | 49693 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:27.505143881 CEST | 49693 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:27.505163908 CEST | 443 | 49693 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:27.506323099 CEST | 49694 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:27.506376028 CEST | 443 | 49694 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:27.506447077 CEST | 49694 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:27.506767035 CEST | 49694 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:27.506783009 CEST | 443 | 49694 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:28.720325947 CEST | 443 | 49694 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:28.721766949 CEST | 49694 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:28.721791029 CEST | 443 | 49694 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:29.280065060 CEST | 443 | 49694 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:29.280122995 CEST | 443 | 49694 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:29.280168056 CEST | 49694 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:29.280747890 CEST | 49694 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:29.280766964 CEST | 443 | 49694 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:31.289418936 CEST | 49701 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:31.289467096 CEST | 443 | 49701 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:31.289560080 CEST | 49701 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:31.289853096 CEST | 49701 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:31.289865017 CEST | 443 | 49701 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:31.929954052 CEST | 443 | 49701 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:31.939717054 CEST | 49701 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:31.939728975 CEST | 443 | 49701 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:32.143419027 CEST | 443 | 49701 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:32.143485069 CEST | 443 | 49701 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:32.143570900 CEST | 49701 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:32.144095898 CEST | 49701 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:32.144114971 CEST | 443 | 49701 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:32.145222902 CEST | 49702 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:32.145334959 CEST | 443 | 49702 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:32.145448923 CEST | 49702 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:32.145658016 CEST | 49702 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:32.145690918 CEST | 443 | 49702 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:32.352907896 CEST | 443 | 49702 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:32.354593992 CEST | 49702 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:32.354619980 CEST | 443 | 49702 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:32.558614016 CEST | 443 | 49702 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:32.558681011 CEST | 443 | 49702 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:32.559202909 CEST | 49702 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:32.559274912 CEST | 443 | 49702 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:32.559315920 CEST | 49702 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:34.569626093 CEST | 49704 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:34.569678068 CEST | 443 | 49704 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:34.569737911 CEST | 49704 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:34.570342064 CEST | 49704 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:34.570365906 CEST | 443 | 49704 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:34.784703970 CEST | 443 | 49704 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:34.786119938 CEST | 49704 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:34.786156893 CEST | 443 | 49704 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:35.001564980 CEST | 443 | 49704 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:35.001625061 CEST | 443 | 49704 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:35.001724958 CEST | 49704 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:35.002182007 CEST | 49704 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:35.002219915 CEST | 443 | 49704 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:35.003362894 CEST | 49705 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:35.003406048 CEST | 443 | 49705 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:35.003493071 CEST | 49705 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:35.003730059 CEST | 49705 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:35.003743887 CEST | 443 | 49705 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:35.220841885 CEST | 443 | 49705 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:35.222374916 CEST | 49705 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:35.222398996 CEST | 443 | 49705 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:35.803325891 CEST | 443 | 49705 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:35.803392887 CEST | 443 | 49705 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:35.803441048 CEST | 49705 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:35.803940058 CEST | 49705 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:35.803956032 CEST | 443 | 49705 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:37.819183111 CEST | 49710 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:37.819257975 CEST | 443 | 49710 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:37.819361925 CEST | 49710 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:37.819628000 CEST | 49710 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:37.819643974 CEST | 443 | 49710 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:39.714845896 CEST | 443 | 49710 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:39.716262102 CEST | 49710 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:39.716293097 CEST | 443 | 49710 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:39.920748949 CEST | 443 | 49710 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:39.920804977 CEST | 443 | 49710 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:39.920881987 CEST | 49710 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:39.921363115 CEST | 49710 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:39.921385050 CEST | 443 | 49710 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:39.922607899 CEST | 49713 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:39.922645092 CEST | 443 | 49713 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:39.922739029 CEST | 49713 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:39.922961950 CEST | 49713 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:39.922976017 CEST | 443 | 49713 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:40.129374027 CEST | 443 | 49713 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:40.130836010 CEST | 49713 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:40.130858898 CEST | 443 | 49713 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:40.331583977 CEST | 443 | 49713 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:40.331639051 CEST | 443 | 49713 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:40.331681967 CEST | 49713 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:40.332163095 CEST | 49713 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:40.332176924 CEST | 443 | 49713 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:42.336349964 CEST | 49717 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:42.336394072 CEST | 443 | 49717 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:42.336520910 CEST | 49717 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:42.337030888 CEST | 49717 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:42.337044954 CEST | 443 | 49717 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:42.545840025 CEST | 443 | 49717 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:42.547354937 CEST | 49717 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:42.547364950 CEST | 443 | 49717 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:42.752444029 CEST | 443 | 49717 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:42.752506018 CEST | 443 | 49717 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:42.752556086 CEST | 49717 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:42.753072023 CEST | 49717 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:42.753086090 CEST | 443 | 49717 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:42.754185915 CEST | 49718 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:42.754225969 CEST | 443 | 49718 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:42.754301071 CEST | 49718 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:42.754579067 CEST | 49718 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:42.754590034 CEST | 443 | 49718 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:43.370428085 CEST | 443 | 49718 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:43.371778011 CEST | 49718 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:43.371798992 CEST | 443 | 49718 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:43.576544046 CEST | 443 | 49718 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:43.576612949 CEST | 443 | 49718 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:43.576931953 CEST | 49718 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:43.577069044 CEST | 49718 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:43.577091932 CEST | 443 | 49718 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:45.622059107 CEST | 49720 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:45.622128010 CEST | 443 | 49720 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:45.622313023 CEST | 49720 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:45.622755051 CEST | 49720 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:45.622776031 CEST | 443 | 49720 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:45.832626104 CEST | 443 | 49720 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:45.839829922 CEST | 49720 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:45.839864969 CEST | 443 | 49720 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:46.041433096 CEST | 443 | 49720 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:46.041502953 CEST | 443 | 49720 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:46.041569948 CEST | 49720 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:46.042027950 CEST | 49720 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:46.042049885 CEST | 443 | 49720 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:46.043034077 CEST | 49722 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:46.043080091 CEST | 443 | 49722 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:46.043195009 CEST | 49722 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:46.043457031 CEST | 49722 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:46.043472052 CEST | 443 | 49722 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:46.248925924 CEST | 443 | 49722 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:46.250418901 CEST | 49722 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:46.250443935 CEST | 443 | 49722 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:46.767703056 CEST | 443 | 49722 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:46.767767906 CEST | 443 | 49722 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:46.768013000 CEST | 49722 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:46.768625021 CEST | 49722 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:46.768646002 CEST | 443 | 49722 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:48.772996902 CEST | 49724 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:48.773051023 CEST | 443 | 49724 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:48.773124933 CEST | 49724 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:48.773505926 CEST | 49724 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:48.773516893 CEST | 443 | 49724 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:48.983617067 CEST | 443 | 49724 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:48.985091925 CEST | 49724 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:48.985127926 CEST | 443 | 49724 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:49.191389084 CEST | 443 | 49724 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:49.191448927 CEST | 443 | 49724 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:49.191498995 CEST | 49724 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:49.192078114 CEST | 49724 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:49.192094088 CEST | 443 | 49724 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:49.193397045 CEST | 49725 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:49.193434000 CEST | 443 | 49725 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:49.193512917 CEST | 49725 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:49.193778992 CEST | 49725 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:49.193794966 CEST | 443 | 49725 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:49.407793999 CEST | 443 | 49725 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:49.409394979 CEST | 49725 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:49.409434080 CEST | 443 | 49725 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:49.620815039 CEST | 443 | 49725 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:49.620868921 CEST | 443 | 49725 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:49.621017933 CEST | 49725 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:49.621412992 CEST | 49725 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:49.621428967 CEST | 443 | 49725 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:51.631818056 CEST | 49726 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:51.631866932 CEST | 443 | 49726 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:51.632105112 CEST | 49726 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:51.632405043 CEST | 49726 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:51.632421970 CEST | 443 | 49726 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:51.846779108 CEST | 443 | 49726 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:51.848418951 CEST | 49726 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:51.848439932 CEST | 443 | 49726 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:52.062406063 CEST | 443 | 49726 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:52.062453032 CEST | 443 | 49726 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:52.062591076 CEST | 49726 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:52.063138008 CEST | 49726 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:52.063154936 CEST | 443 | 49726 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:52.064634085 CEST | 49727 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:52.064680099 CEST | 443 | 49727 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:52.064807892 CEST | 49727 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:52.065018892 CEST | 49727 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:52.065032005 CEST | 443 | 49727 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:52.276380062 CEST | 443 | 49727 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:52.277935982 CEST | 49727 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:52.277964115 CEST | 443 | 49727 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:52.852157116 CEST | 443 | 49727 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:52.852209091 CEST | 443 | 49727 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:52.852267981 CEST | 49727 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:52.852699995 CEST | 49727 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:52.852720022 CEST | 443 | 49727 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:54.865987062 CEST | 49730 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:54.866030931 CEST | 443 | 49730 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:54.866139889 CEST | 49730 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:54.866444111 CEST | 49730 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:54.866466045 CEST | 443 | 49730 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:55.080588102 CEST | 443 | 49730 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:55.082138062 CEST | 49730 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:55.082159996 CEST | 443 | 49730 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:55.307574987 CEST | 443 | 49730 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:55.307640076 CEST | 443 | 49730 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:55.307854891 CEST | 49730 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:55.308367968 CEST | 49730 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:55.308387041 CEST | 443 | 49730 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:55.309463024 CEST | 49731 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:55.309519053 CEST | 443 | 49731 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:55.309617996 CEST | 49731 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:55.309834957 CEST | 49731 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:55.309849024 CEST | 443 | 49731 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:56.533096075 CEST | 443 | 49731 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:56.534792900 CEST | 49731 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:56.534818888 CEST | 443 | 49731 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:56.745934010 CEST | 443 | 49731 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:56.745995045 CEST | 443 | 49731 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:56.746134996 CEST | 49731 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:56.752371073 CEST | 49731 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:56.752392054 CEST | 443 | 49731 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:58.756645918 CEST | 49734 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:58.756689072 CEST | 443 | 49734 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:58.756776094 CEST | 49734 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:58.757044077 CEST | 49734 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:58.757060051 CEST | 443 | 49734 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:58.969472885 CEST | 443 | 49734 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:58.970988989 CEST | 49734 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:58.971002102 CEST | 443 | 49734 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:59.805560112 CEST | 443 | 49734 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:59.805620909 CEST | 443 | 49734 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:59.805727959 CEST | 49734 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:59.866060972 CEST | 49734 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:59.866087914 CEST | 443 | 49734 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:59.867005110 CEST | 49735 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:59.867052078 CEST | 443 | 49735 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:04:59.867157936 CEST | 49735 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:59.867353916 CEST | 49735 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:04:59.867364883 CEST | 443 | 49735 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:00.073111057 CEST | 443 | 49735 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:00.079651117 CEST | 49735 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:00.079659939 CEST | 443 | 49735 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:00.712165117 CEST | 443 | 49735 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:00.712239027 CEST | 443 | 49735 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:00.712342978 CEST | 49735 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:00.712729931 CEST | 49735 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:00.712748051 CEST | 443 | 49735 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:02.732656002 CEST | 49738 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:02.732723951 CEST | 443 | 49738 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:02.732817888 CEST | 49738 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:02.733153105 CEST | 49738 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:02.733172894 CEST | 443 | 49738 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:02.940393925 CEST | 443 | 49738 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:02.941768885 CEST | 49738 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:02.941809893 CEST | 443 | 49738 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:03.157448053 CEST | 443 | 49738 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:03.157530069 CEST | 443 | 49738 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:03.157732964 CEST | 49738 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:03.158152103 CEST | 49738 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:03.158169031 CEST | 443 | 49738 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:03.159336090 CEST | 49739 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:03.159390926 CEST | 443 | 49739 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:03.159465075 CEST | 49739 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:03.159698963 CEST | 49739 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:03.159719944 CEST | 443 | 49739 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:04.014348030 CEST | 443 | 49739 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:04.015760899 CEST | 49739 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:04.015782118 CEST | 443 | 49739 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:04.903966904 CEST | 443 | 49739 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:04.904042959 CEST | 443 | 49739 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:04.904186010 CEST | 49739 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:04.904506922 CEST | 49739 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:04.904525042 CEST | 443 | 49739 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:06.913140059 CEST | 49740 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:06.913193941 CEST | 443 | 49740 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:06.913286924 CEST | 49740 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:06.913554907 CEST | 49740 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:06.913567066 CEST | 443 | 49740 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:07.126566887 CEST | 443 | 49740 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:07.128077984 CEST | 49740 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:07.128114939 CEST | 443 | 49740 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:07.705099106 CEST | 443 | 49740 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:07.705164909 CEST | 443 | 49740 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:07.705225945 CEST | 49740 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:07.705729008 CEST | 49740 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:07.705746889 CEST | 443 | 49740 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:07.706928968 CEST | 49741 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:07.706976891 CEST | 443 | 49741 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:07.707082033 CEST | 49741 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:07.707321882 CEST | 49741 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:07.707333088 CEST | 443 | 49741 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:09.031898975 CEST | 443 | 49741 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:09.033467054 CEST | 49741 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:09.033503056 CEST | 443 | 49741 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:09.235851049 CEST | 443 | 49741 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:09.235920906 CEST | 443 | 49741 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:09.236077070 CEST | 49741 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:09.236553907 CEST | 49741 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:09.236574888 CEST | 443 | 49741 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:11.241369963 CEST | 49744 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:11.241419077 CEST | 443 | 49744 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:11.241590023 CEST | 49744 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:11.241842985 CEST | 49744 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:11.241852999 CEST | 443 | 49744 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:11.885459900 CEST | 443 | 49744 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:11.886964083 CEST | 49744 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:11.886980057 CEST | 443 | 49744 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:12.102662086 CEST | 443 | 49744 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:12.102716923 CEST | 443 | 49744 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:12.102787971 CEST | 49744 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:12.103239059 CEST | 49744 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:12.103254080 CEST | 443 | 49744 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:12.104262114 CEST | 49745 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:12.104300022 CEST | 443 | 49745 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:12.104367971 CEST | 49745 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:12.104643106 CEST | 49745 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:12.104655981 CEST | 443 | 49745 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:12.319545984 CEST | 443 | 49745 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:12.321274042 CEST | 49745 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:12.321300983 CEST | 443 | 49745 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:12.907711029 CEST | 443 | 49745 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:12.907780886 CEST | 443 | 49745 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:12.907838106 CEST | 49745 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:12.908348083 CEST | 49745 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:12.908365965 CEST | 443 | 49745 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:14.913203955 CEST | 49746 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:14.913254023 CEST | 443 | 49746 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:14.913363934 CEST | 49746 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:14.913831949 CEST | 49746 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:14.913844109 CEST | 443 | 49746 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:15.535664082 CEST | 443 | 49746 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:15.537362099 CEST | 49746 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:15.537377119 CEST | 443 | 49746 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:15.753870964 CEST | 443 | 49746 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:15.753940105 CEST | 443 | 49746 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:15.754120111 CEST | 49746 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:15.754465103 CEST | 49746 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:15.754481077 CEST | 443 | 49746 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:15.755620003 CEST | 49747 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:15.755649090 CEST | 443 | 49747 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:15.755810976 CEST | 49747 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:15.756059885 CEST | 49747 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:15.756072044 CEST | 443 | 49747 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:15.969257116 CEST | 443 | 49747 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:15.970786095 CEST | 49747 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:15.970803976 CEST | 443 | 49747 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:16.177592993 CEST | 443 | 49747 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:16.177663088 CEST | 443 | 49747 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:16.177824974 CEST | 49747 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:16.178272009 CEST | 49747 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:16.178292036 CEST | 443 | 49747 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:18.196717978 CEST | 49750 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:18.196763039 CEST | 443 | 49750 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:18.197010994 CEST | 49750 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:18.197283030 CEST | 49750 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:18.197299004 CEST | 443 | 49750 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:20.975414038 CEST | 443 | 49750 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:20.978137016 CEST | 49750 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:20.978152037 CEST | 443 | 49750 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:21.180007935 CEST | 443 | 49750 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:21.180061102 CEST | 443 | 49750 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:21.180107117 CEST | 49750 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:21.180677891 CEST | 49750 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:21.180692911 CEST | 443 | 49750 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:21.182159901 CEST | 49752 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:21.182198048 CEST | 443 | 49752 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:21.182265997 CEST | 49752 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:21.182636976 CEST | 49752 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:21.182650089 CEST | 443 | 49752 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:22.426817894 CEST | 443 | 49752 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:22.454670906 CEST | 49752 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:22.454699993 CEST | 443 | 49752 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:22.971255064 CEST | 443 | 49752 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:22.971313953 CEST | 443 | 49752 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:22.971358061 CEST | 49752 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:22.971980095 CEST | 49752 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:22.971995115 CEST | 443 | 49752 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:24.851037025 CEST | 49755 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:24.851082087 CEST | 443 | 49755 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:24.851139069 CEST | 49755 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:24.851588964 CEST | 49755 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:24.851597071 CEST | 443 | 49755 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:25.072901964 CEST | 443 | 49755 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:25.114808083 CEST | 49755 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:25.156610966 CEST | 49755 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:25.156625986 CEST | 443 | 49755 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:25.286732912 CEST | 443 | 49755 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:25.286793947 CEST | 443 | 49755 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:25.286842108 CEST | 49755 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:25.370594025 CEST | 49755 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:25.370635986 CEST | 443 | 49755 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:25.375230074 CEST | 49756 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:25.375281096 CEST | 443 | 49756 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:25.375340939 CEST | 49756 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:25.379383087 CEST | 49756 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:25.379411936 CEST | 443 | 49756 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:25.596996069 CEST | 443 | 49756 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:25.598440886 CEST | 49756 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:25.598490000 CEST | 443 | 49756 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:25.814085007 CEST | 443 | 49756 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:25.814171076 CEST | 443 | 49756 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:25.814785957 CEST | 49756 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:25.815169096 CEST | 49756 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:25.815181017 CEST | 443 | 49756 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:27.569675922 CEST | 49758 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:27.569741011 CEST | 443 | 49758 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:27.569998980 CEST | 49758 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:27.574244022 CEST | 49758 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:27.574259996 CEST | 443 | 49758 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:28.429446936 CEST | 443 | 49758 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:28.431225061 CEST | 49758 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:28.431258917 CEST | 443 | 49758 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:28.635179043 CEST | 443 | 49758 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:28.635256052 CEST | 443 | 49758 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:28.635313034 CEST | 49758 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:28.635814905 CEST | 49758 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:28.635832071 CEST | 443 | 49758 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:28.637154102 CEST | 49759 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:28.637191057 CEST | 443 | 49759 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:28.637254000 CEST | 49759 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:28.637578964 CEST | 49759 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:28.637588978 CEST | 443 | 49759 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:28.845272064 CEST | 443 | 49759 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:28.846630096 CEST | 49759 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:28.846642017 CEST | 443 | 49759 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:29.059205055 CEST | 443 | 49759 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:29.059269905 CEST | 443 | 49759 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:29.059318066 CEST | 49759 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:29.059901953 CEST | 49759 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:29.059919119 CEST | 443 | 49759 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:30.694547892 CEST | 49760 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:30.694602966 CEST | 443 | 49760 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:30.694674969 CEST | 49760 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:30.694988966 CEST | 49760 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:30.695002079 CEST | 443 | 49760 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:31.918390989 CEST | 443 | 49760 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:31.922858953 CEST | 49760 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:31.922882080 CEST | 443 | 49760 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:32.126728058 CEST | 443 | 49760 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:32.126780033 CEST | 443 | 49760 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:32.131742001 CEST | 49760 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:32.134161949 CEST | 49760 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:32.134183884 CEST | 443 | 49760 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:32.142563105 CEST | 49761 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:32.142612934 CEST | 443 | 49761 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:32.142868042 CEST | 49761 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:32.146764040 CEST | 49761 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:32.146791935 CEST | 443 | 49761 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:32.353912115 CEST | 443 | 49761 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:32.355129957 CEST | 49761 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:32.355149031 CEST | 443 | 49761 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:32.868926048 CEST | 443 | 49761 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:32.868995905 CEST | 443 | 49761 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:32.869056940 CEST | 49761 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:32.869560003 CEST | 49761 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:32.869591951 CEST | 443 | 49761 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:34.398178101 CEST | 49763 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:34.398277044 CEST | 443 | 49763 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:34.401326895 CEST | 49763 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:34.404181957 CEST | 49763 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:34.404196024 CEST | 443 | 49763 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:34.612169027 CEST | 443 | 49763 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:34.645239115 CEST | 49763 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:34.645265102 CEST | 443 | 49763 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:34.826386929 CEST | 443 | 49763 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:34.826438904 CEST | 443 | 49763 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:34.826520920 CEST | 49763 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:34.831779957 CEST | 49763 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:34.831794024 CEST | 443 | 49763 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:34.844707012 CEST | 49764 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:34.844744921 CEST | 443 | 49764 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:34.844882011 CEST | 49764 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:34.845165968 CEST | 49764 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:34.845179081 CEST | 443 | 49764 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:35.693021059 CEST | 443 | 49764 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:35.694576979 CEST | 49764 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:35.694607973 CEST | 443 | 49764 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:35.906373024 CEST | 443 | 49764 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:35.906435013 CEST | 443 | 49764 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:35.906485081 CEST | 49764 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:35.906889915 CEST | 49764 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:35.906903982 CEST | 443 | 49764 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:37.336097002 CEST | 49765 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:37.336148977 CEST | 443 | 49765 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:37.336275101 CEST | 49765 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:37.336548090 CEST | 49765 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:37.336565971 CEST | 443 | 49765 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:38.668046951 CEST | 443 | 49765 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:38.671497107 CEST | 49765 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:38.671526909 CEST | 443 | 49765 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:39.007731915 CEST | 443 | 49765 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:39.007788897 CEST | 443 | 49765 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:39.008241892 CEST | 49765 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:39.008338928 CEST | 49765 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:39.008357048 CEST | 443 | 49765 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:39.012168884 CEST | 49767 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:39.012212992 CEST | 443 | 49767 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:39.016335964 CEST | 49767 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:39.020270109 CEST | 49767 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:39.020282984 CEST | 443 | 49767 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:39.650726080 CEST | 443 | 49767 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:39.652306080 CEST | 49767 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:39.652333021 CEST | 443 | 49767 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:39.858023882 CEST | 443 | 49767 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:39.858088970 CEST | 443 | 49767 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:39.858133078 CEST | 49767 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:39.858568907 CEST | 49767 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:39.858581066 CEST | 443 | 49767 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:41.194160938 CEST | 49768 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:41.194197893 CEST | 443 | 49768 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:41.194586992 CEST | 49768 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:41.194586992 CEST | 49768 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:41.194612980 CEST | 443 | 49768 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:41.417588949 CEST | 443 | 49768 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:41.419118881 CEST | 49768 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:41.419131041 CEST | 443 | 49768 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:42.014833927 CEST | 443 | 49768 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:42.014892101 CEST | 443 | 49768 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:42.014955044 CEST | 49768 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:42.015381098 CEST | 49768 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:42.015398026 CEST | 443 | 49768 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:42.016611099 CEST | 49769 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:42.016638041 CEST | 443 | 49769 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:42.016705036 CEST | 49769 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:42.016988039 CEST | 49769 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:42.016994953 CEST | 443 | 49769 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:42.657571077 CEST | 443 | 49769 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:42.661616087 CEST | 49769 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:42.661642075 CEST | 443 | 49769 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:43.190596104 CEST | 443 | 49769 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:43.190658092 CEST | 443 | 49769 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:43.191113949 CEST | 49769 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:43.191126108 CEST | 443 | 49769 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:43.396267891 CEST | 443 | 49769 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:43.396342993 CEST | 49769 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:44.428711891 CEST | 49770 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:44.428749084 CEST | 443 | 49770 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:44.428812027 CEST | 49770 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:44.429151058 CEST | 49770 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:44.429164886 CEST | 443 | 49770 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:45.302228928 CEST | 443 | 49770 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:45.304193974 CEST | 49770 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:45.304209948 CEST | 443 | 49770 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:45.516383886 CEST | 443 | 49770 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:45.516441107 CEST | 443 | 49770 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:45.516495943 CEST | 49770 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:45.516921997 CEST | 49770 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:45.516940117 CEST | 443 | 49770 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:45.518096924 CEST | 49771 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:45.518130064 CEST | 443 | 49771 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:45.518199921 CEST | 49771 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:45.518548012 CEST | 49771 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:45.518556118 CEST | 443 | 49771 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:45.728529930 CEST | 443 | 49771 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:45.730240107 CEST | 49771 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:45.730252028 CEST | 443 | 49771 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:45.945183992 CEST | 443 | 49771 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:45.945293903 CEST | 443 | 49771 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:45.945410013 CEST | 49771 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:45.945811987 CEST | 49771 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:45.945831060 CEST | 443 | 49771 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:47.100290060 CEST | 49773 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:47.100325108 CEST | 443 | 49773 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:47.101311922 CEST | 49773 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:47.101716042 CEST | 49773 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:47.101730108 CEST | 443 | 49773 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:48.335457087 CEST | 443 | 49773 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:48.351535082 CEST | 49773 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:48.351638079 CEST | 443 | 49773 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:48.351696968 CEST | 49773 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:49.446146965 CEST | 49775 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:49.446175098 CEST | 443 | 49775 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:49.446438074 CEST | 49775 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:49.446726084 CEST | 49775 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:49.446733952 CEST | 443 | 49775 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:53.242016077 CEST | 443 | 49775 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:53.242113113 CEST | 49775 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:54.781651020 CEST | 49775 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:54.781671047 CEST | 443 | 49775 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:54.782033920 CEST | 443 | 49775 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:54.785893917 CEST | 49775 | 443 | 192.168.2.7 | 207.174.26.219 |
| Mar 30, 2025 18:05:54.785943031 CEST | 443 | 49775 | 207.174.26.219 | 192.168.2.7 |
| Mar 30, 2025 18:05:54.785999060 CEST | 49775 | 443 | 192.168.2.7 | 207.174.26.219 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Mar 30, 2025 18:04:17.558356047 CEST | 64038 | 53 | 192.168.2.7 | 1.1.1.1 |
| Mar 30, 2025 18:04:17.664057016 CEST | 53 | 64038 | 1.1.1.1 | 192.168.2.7 |
| Mar 30, 2025 18:04:54.561300993 CEST | 53 | 63077 | 162.159.36.2 | 192.168.2.7 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Mar 30, 2025 18:04:17.558356047 CEST | 192.168.2.7 | 1.1.1.1 | 0x661e | Standard query (0) | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Mar 30, 2025 18:04:17.664057016 CEST | 1.1.1.1 | 192.168.2.7 | 0x661e | No error (0) | 207.174.26.219 | A (IP address) | IN (0x0001) | false |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.7 | 49684 | 207.174.26.219 | 443 | 6276 | C:\Users\user\Desktop\WizClient.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-30 16:04:17 UTC | 75 | OUT |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.7 | 49685 | 207.174.26.219 | 443 | 6276 | C:\Users\user\Desktop\WizClient.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-30 16:04:18 UTC | 75 | OUT |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 2 | 192.168.2.7 | 49687 | 207.174.26.219 | 443 | 6276 | C:\Users\user\Desktop\WizClient.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-30 16:04:20 UTC | 75 | OUT |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 3 | 192.168.2.7 | 49688 | 207.174.26.219 | 443 | 6276 | C:\Users\user\Desktop\WizClient.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-30 16:04:21 UTC | 75 | OUT |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 4 | 192.168.2.7 | 49689 | 207.174.26.219 | 443 | 6276 | C:\Users\user\Desktop\WizClient.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-30 16:04:24 UTC | 75 | OUT |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 5 | 192.168.2.7 | 49690 | 207.174.26.219 | 443 | 6276 | C:\Users\user\Desktop\WizClient.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-30 16:04:24 UTC | 75 | OUT |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 6 | 192.168.2.7 | 49693 | 207.174.26.219 | 443 | 6276 | C:\Users\user\Desktop\WizClient.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-30 16:04:27 UTC | 75 | OUT |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 7 | 192.168.2.7 | 49694 | 207.174.26.219 | 443 | 6276 | C:\Users\user\Desktop\WizClient.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-30 16:04:28 UTC | 75 | OUT |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 8 | 192.168.2.7 | 49701 | 207.174.26.219 | 443 | 6276 | C:\Users\user\Desktop\WizClient.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-30 16:04:31 UTC | 75 | OUT |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 9 | 192.168.2.7 | 49702 | 207.174.26.219 | 443 | 6276 | C:\Users\user\Desktop\WizClient.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-30 16:04:32 UTC | 75 | OUT |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 10 | 192.168.2.7 | 49704 | 207.174.26.219 | 443 | 6276 | C:\Users\user\Desktop\WizClient.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-30 16:04:34 UTC | 75 | OUT |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 11 | 192.168.2.7 | 49705 | 207.174.26.219 | 443 | 6276 | C:\Users\user\Desktop\WizClient.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-30 16:04:35 UTC | 75 | OUT |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 12 | 192.168.2.7 | 49710 | 207.174.26.219 | 443 | 6276 | C:\Users\user\Desktop\WizClient.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-30 16:04:39 UTC | 75 | OUT |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 13 | 192.168.2.7 | 49713 | 207.174.26.219 | 443 | 6276 | C:\Users\user\Desktop\WizClient.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-30 16:04:40 UTC | 75 | OUT |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 14 | 192.168.2.7 | 49717 | 207.174.26.219 | 443 | 6276 | C:\Users\user\Desktop\WizClient.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-30 16:04:42 UTC | 75 | OUT |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 15 | 192.168.2.7 | 49718 | 207.174.26.219 | 443 | 6276 | C:\Users\user\Desktop\WizClient.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-30 16:04:43 UTC | 75 | OUT |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 16 | 192.168.2.7 | 49720 | 207.174.26.219 | 443 | 6276 | C:\Users\user\Desktop\WizClient.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-30 16:04:45 UTC | 75 | OUT |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 17 | 192.168.2.7 | 49722 | 207.174.26.219 | 443 | 6276 | C:\Users\user\Desktop\WizClient.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-30 16:04:46 UTC | 75 | OUT |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 18 | 192.168.2.7 | 49724 | 207.174.26.219 | 443 | 6276 | C:\Users\user\Desktop\WizClient.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-30 16:04:48 UTC | 75 | OUT |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 19 | 192.168.2.7 | 49725 | 207.174.26.219 | 443 | 6276 | C:\Users\user\Desktop\WizClient.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-30 16:04:49 UTC | 75 | OUT |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 20 | 192.168.2.7 | 49726 | 207.174.26.219 | 443 | 6276 | C:\Users\user\Desktop\WizClient.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-30 16:04:51 UTC | 75 | OUT |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 21 | 192.168.2.7 | 49727 | 207.174.26.219 | 443 | 6276 | C:\Users\user\Desktop\WizClient.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-30 16:04:52 UTC | 75 | OUT |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 22 | 192.168.2.7 | 49730 | 207.174.26.219 | 443 | 6276 | C:\Users\user\Desktop\WizClient.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-30 16:04:55 UTC | 75 | OUT |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 23 | 192.168.2.7 | 49731 | 207.174.26.219 | 443 | 6276 | C:\Users\user\Desktop\WizClient.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-30 16:04:56 UTC | 75 | OUT |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 24 | 192.168.2.7 | 49734 | 207.174.26.219 | 443 | 6276 | C:\Users\user\Desktop\WizClient.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-30 16:04:58 UTC | 75 | OUT |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 25 | 192.168.2.7 | 49735 | 207.174.26.219 | 443 | 6276 | C:\Users\user\Desktop\WizClient.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-30 16:05:00 UTC | 75 | OUT |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 26 | 192.168.2.7 | 49738 | 207.174.26.219 | 443 | 6276 | C:\Users\user\Desktop\WizClient.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-30 16:05:02 UTC | 75 | OUT |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 27 | 192.168.2.7 | 49739 | 207.174.26.219 | 443 | 6276 | C:\Users\user\Desktop\WizClient.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-30 16:05:04 UTC | 75 | OUT |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 28 | 192.168.2.7 | 49740 | 207.174.26.219 | 443 | 6276 | C:\Users\user\Desktop\WizClient.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-30 16:05:07 UTC | 75 | OUT |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 29 | 192.168.2.7 | 49741 | 207.174.26.219 | 443 | 6276 | C:\Users\user\Desktop\WizClient.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-30 16:05:09 UTC | 75 | OUT |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 30 | 192.168.2.7 | 49744 | 207.174.26.219 | 443 | 6276 | C:\Users\user\Desktop\WizClient.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-30 16:05:11 UTC | 75 | OUT |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 31 | 192.168.2.7 | 49745 | 207.174.26.219 | 443 | 6276 | C:\Users\user\Desktop\WizClient.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-30 16:05:12 UTC | 75 | OUT |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 32 | 192.168.2.7 | 49746 | 207.174.26.219 | 443 | 6276 | C:\Users\user\Desktop\WizClient.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-30 16:05:15 UTC | 75 | OUT |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 33 | 192.168.2.7 | 49747 | 207.174.26.219 | 443 | 6276 | C:\Users\user\Desktop\WizClient.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-30 16:05:15 UTC | 75 | OUT |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 34 | 192.168.2.7 | 49750 | 207.174.26.219 | 443 | 6276 | C:\Users\user\Desktop\WizClient.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-30 16:05:20 UTC | 75 | OUT |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 35 | 192.168.2.7 | 49752 | 207.174.26.219 | 443 | 6276 | C:\Users\user\Desktop\WizClient.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-30 16:05:22 UTC | 75 | OUT |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 36 | 192.168.2.7 | 49755 | 207.174.26.219 | 443 | 6276 | C:\Users\user\Desktop\WizClient.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-30 16:05:25 UTC | 75 | OUT |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 37 | 192.168.2.7 | 49756 | 207.174.26.219 | 443 | 6276 | C:\Users\user\Desktop\WizClient.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-30 16:05:25 UTC | 75 | OUT |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 38 | 192.168.2.7 | 49758 | 207.174.26.219 | 443 | 6276 | C:\Users\user\Desktop\WizClient.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-30 16:05:28 UTC | 75 | OUT |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 39 | 192.168.2.7 | 49759 | 207.174.26.219 | 443 | 6276 | C:\Users\user\Desktop\WizClient.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-30 16:05:28 UTC | 75 | OUT |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 40 | 192.168.2.7 | 49760 | 207.174.26.219 | 443 | 6276 | C:\Users\user\Desktop\WizClient.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-30 16:05:31 UTC | 75 | OUT |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 41 | 192.168.2.7 | 49761 | 207.174.26.219 | 443 | 6276 | C:\Users\user\Desktop\WizClient.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-30 16:05:32 UTC | 75 | OUT |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 42 | 192.168.2.7 | 49763 | 207.174.26.219 | 443 | 6276 | C:\Users\user\Desktop\WizClient.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-30 16:05:34 UTC | 75 | OUT |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 43 | 192.168.2.7 | 49764 | 207.174.26.219 | 443 | 6276 | C:\Users\user\Desktop\WizClient.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-30 16:05:35 UTC | 75 | OUT |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 44 | 192.168.2.7 | 49765 | 207.174.26.219 | 443 | 6276 | C:\Users\user\Desktop\WizClient.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-30 16:05:38 UTC | 75 | OUT |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 45 | 192.168.2.7 | 49767 | 207.174.26.219 | 443 | 6276 | C:\Users\user\Desktop\WizClient.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-30 16:05:39 UTC | 75 | OUT |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 46 | 192.168.2.7 | 49768 | 207.174.26.219 | 443 | 6276 | C:\Users\user\Desktop\WizClient.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-30 16:05:41 UTC | 75 | OUT |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 47 | 192.168.2.7 | 49769 | 207.174.26.219 | 443 | 6276 | C:\Users\user\Desktop\WizClient.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-30 16:05:42 UTC | 75 | OUT |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 48 | 192.168.2.7 | 49770 | 207.174.26.219 | 443 | 6276 | C:\Users\user\Desktop\WizClient.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-30 16:05:45 UTC | 75 | OUT |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 49 | 192.168.2.7 | 49771 | 207.174.26.219 | 443 | 6276 | C:\Users\user\Desktop\WizClient.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-30 16:05:45 UTC | 75 | OUT |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 12:04:07 |
| Start date: | 30/03/2025 |
| Path: | C:\Users\user\Desktop\WizClient.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7d0000 |
| File size: | 31'232 bytes |
| MD5 hash: | 51DC79AC2451E7AD8809D28EE07602B4 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | low |
| Has exited: | true |
| Target ID: | 13 |
| Start time: | 12:05:49 |
| Start date: | 30/03/2025 |
| Path: | C:\Windows\System32\WerFault.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff612c70000 |
| File size: | 570'736 bytes |
| MD5 hash: | FD27D9F6D02763BDE32511B5DF7FF7A0 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
