Windows
Analysis Report
rDoc5633276235623657_xls.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- rDoc5633276235623657_xls.exe (PID: 6696 cmdline: "C:\Users\user\Desktop\rDoc5633276235623657_xls.exe" MD5: D5489DA5AA14ED9D71D8338EC41A1BC1)
- RegAsm.exe (PID: 6980 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
- RegAsm.exe (PID: 7008 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
- WerFault.exe (PID: 5936 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7008 -s 2044 MD5: C31336C1EFC2CCB44B4326EA793040F2)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Cameleon, StormKitty | PWC describes this malware as a backdoor, capable of file management, upload and download of files, and execution of commands. | No Attribution |
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
XWorm | Malware with wide range of capabilities ranging from RAT to ransomware. | No Attribution |
{"C2 url": ["178.215.236.218"], "Port": "16433", "Aes key": "<Xwormmm>", "SPL": "<Xwormmm>", "Install file": "USB.exe", "Version": "XWorm V5.6"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_XWorm | Yara detected XWorm | Joe Security |
MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen |
JoeSecurity_XWorm | Yara detected XWorm | Joe Security |
MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen |
JoeSecurity_StormKitty | Yara detected StormKitty Stealer | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_XWorm | Yara detected XWorm | Joe Security |
MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen |
JoeSecurity_XWorm | Yara detected XWorm | Joe Security |
MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen |
JoeSecurity_XWorm | Yara detected XWorm | Joe Security |
System Summary |
---|
Source: | Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-09-26T13:26:26.063538+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 178.215.236.218 | 16433 | 192.168.2.4 | 49731 | TCP |
2024-09-26T13:26:36.919201+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 178.215.236.218 | 16433 | 192.168.2.4 | 49731 | TCP |
2024-09-26T13:26:42.669326+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 178.215.236.218 | 16433 | 192.168.2.4 | 49731 | TCP |
2024-09-26T13:26:47.301601+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 178.215.236.218 | 16433 | 192.168.2.4 | 49731 | TCP |
2024-09-26T13:26:57.820236+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 178.215.236.218 | 16433 | 192.168.2.4 | 49731 | TCP |
2024-09-26T13:27:08.430346+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 178.215.236.218 | 16433 | 192.168.2.4 | 49731 | TCP |
2024-09-26T13:27:12.607434+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 178.215.236.218 | 16433 | 192.168.2.4 | 49731 | TCP |
2024-09-26T13:27:19.155830+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 178.215.236.218 | 16433 | 192.168.2.4 | 49731 | TCP |
2024-09-26T13:27:23.086278+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 178.215.236.218 | 16433 | 192.168.2.4 | 49731 | TCP |
2024-09-26T13:27:23.398379+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 178.215.236.218 | 16433 | 192.168.2.4 | 49731 | TCP |
2024-09-26T13:27:23.853689+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 178.215.236.218 | 16433 | 192.168.2.4 | 49731 | TCP |
2024-09-26T13:27:23.952814+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 178.215.236.218 | 16433 | 192.168.2.4 | 49731 | TCP |
2024-09-26T13:27:24.050877+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 178.215.236.218 | 16433 | 192.168.2.4 | 49731 | TCP |
2024-09-26T13:27:34.538831+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 178.215.236.218 | 16433 | 192.168.2.4 | 49731 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-09-26T13:26:26.102394+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49731 | 178.215.236.218 | 16433 | TCP |
2024-09-26T13:26:27.711240+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49737 | 178.215.236.218 | 16433 | TCP |
2024-09-26T13:26:27.904405+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49737 | 178.215.236.218 | 16433 | TCP |
2024-09-26T13:26:27.932266+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49737 | 178.215.236.218 | 16433 | TCP |
2024-09-26T13:26:28.041739+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49737 | 178.215.236.218 | 16433 | TCP |
2024-09-26T13:26:28.151091+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49737 | 178.215.236.218 | 16433 | TCP |
2024-09-26T13:26:28.260478+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49737 | 178.215.236.218 | 16433 | TCP |
2024-09-26T13:26:28.382753+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49737 | 178.215.236.218 | 16433 | TCP |
2024-09-26T13:26:28.495593+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49737 | 178.215.236.218 | 16433 | TCP |
2024-09-26T13:26:28.605361+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49737 | 178.215.236.218 | 16433 | TCP |
2024-09-26T13:26:28.730651+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49737 | 178.215.236.218 | 16433 | TCP |
2024-09-26T13:26:36.921165+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49731 | 178.215.236.218 | 16433 | TCP |
2024-09-26T13:26:47.304152+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49731 | 178.215.236.218 | 16433 | TCP |
2024-09-26T13:26:57.825196+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49731 | 178.215.236.218 | 16433 | TCP |
2024-09-26T13:27:08.437665+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49731 | 178.215.236.218 | 16433 | TCP |
2024-09-26T13:27:19.157555+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49731 | 178.215.236.218 | 16433 | TCP |
2024-09-26T13:27:23.088880+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49731 | 178.215.236.218 | 16433 | TCP |
2024-09-26T13:27:23.400282+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49731 | 178.215.236.218 | 16433 | TCP |
2024-09-26T13:27:23.856833+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49731 | 178.215.236.218 | 16433 | TCP |
2024-09-26T13:27:23.955308+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49731 | 178.215.236.218 | 16433 | TCP |
2024-09-26T13:27:24.053253+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49731 | 178.215.236.218 | 16433 | TCP |
2024-09-26T13:27:34.540801+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49731 | 178.215.236.218 | 16433 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-09-26T13:26:42.669326+0200 | 2852874 | 1 | Malware Command and Control Activity Detected | 178.215.236.218 | 16433 | 192.168.2.4 | 49731 | TCP |
2024-09-26T13:27:12.607434+0200 | 2852874 | 1 | Malware Command and Control Activity Detected | 178.215.236.218 | 16433 | 192.168.2.4 | 49731 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-09-26T13:26:27.711240+0200 | 2852873 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49737 | 178.215.236.218 | 16433 | TCP |
2024-09-26T13:26:27.904405+0200 | 2852873 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49737 | 178.215.236.218 | 16433 | TCP |
2024-09-26T13:26:27.932266+0200 | 2852873 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49737 | 178.215.236.218 | 16433 | TCP |
2024-09-26T13:26:28.041739+0200 | 2852873 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49737 | 178.215.236.218 | 16433 | TCP |
2024-09-26T13:26:28.151091+0200 | 2852873 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49737 | 178.215.236.218 | 16433 | TCP |
2024-09-26T13:26:28.260478+0200 | 2852873 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49737 | 178.215.236.218 | 16433 | TCP |
2024-09-26T13:26:28.382753+0200 | 2852873 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49737 | 178.215.236.218 | 16433 | TCP |
2024-09-26T13:26:28.495593+0200 | 2852873 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49737 | 178.215.236.218 | 16433 | TCP |
2024-09-26T13:26:28.605361+0200 | 2852873 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49737 | 178.215.236.218 | 16433 | TCP |
2024-09-26T13:26:28.730651+0200 | 2852873 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49737 | 178.215.236.218 | 16433 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-09-26T13:26:25.809760+0200 | 2855924 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49731 | 178.215.236.218 | 16433 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-09-26T13:26:26.208741+0200 | 2853192 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49731 | 178.215.236.218 | 16433 | TCP |
AV Detection |
---|
Source: | Avira: |
Source: | Malware Configuration Extractor: |
Source: | Integrated Neural Analysis Model: |
Source: | Joe Sandbox ML: |
Source: | String decryptor: |
Source: | Static PE information: |
Source: | HTTPS traffic detected: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Code function: | 2_2_06660F28 |
Networking |
---|
Source: | Suricata IDS: |
Source: | URLs: |
Source: | File source: |
Source: | TCP traffic: |
Source: | HTTP traffic detected: |
Source: | IP Address: |
Source: | ASN Name: |
Source: | JA3 fingerprint: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: |
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: |
Operating System Destruction |
---|
Source: | Process information set: |
System Summary |
---|
Source: | Matched rule: |
Source: | Code function: | 0_2_02B02B28 | |
Source: | Code function: | 0_2_02B011D8 | |
Source: | Code function: | 0_2_02B02B21 | |
Source: | Code function: | 2_2_01334150 | |
Source: | Code function: | 2_2_01331030 | |
Source: | Code function: | 2_2_0133E250 | |
Source: | Code function: | 2_2_013394A0 | |
Source: | Code function: | 2_2_01333B57 | |
Source: | Code function: | 2_2_01339D70 | |
Source: | Code function: | 2_2_0133DC29 | |
Source: | Code function: | 2_2_0133BC50 | |
Source: | Code function: | 2_2_01339158 | |
Source: | Code function: | 2_2_01331628 | |
Source: | Code function: | 2_2_066024E8 | |
Source: | Code function: | 2_2_06605670 | |
Source: | Code function: | 2_2_0666B408 | |
Source: | Code function: | 2_2_06661498 | |
Source: | Code function: | 2_2_06660040 | |
Source: | Code function: | 2_2_0666DB20 | |
Source: | Code function: | 2_2_06661488 | |
Source: | Code function: | 2_2_0666F558 | |
Source: | Code function: | 2_2_0666B3F8 | |
Source: | Code function: | 2_2_0666A388 | |
Source: | Code function: | 2_2_06660022 | |
Source: | Code function: | 2_2_06660F28 | |
Source: | Code function: | 2_2_06660F18 | |
Source: | Code function: | 2_2_06684A18 | |
Source: | Code function: | 2_2_066882D8 | |
Source: | Code function: | 2_2_06681010 | |
Source: | Code function: | 2_2_06681D48 | |
Source: | Code function: | 2_2_06684A08 | |
Source: | Code function: | 2_2_066882CA | |
Source: | Code function: | 2_2_06680FFF | |
Source: | Code function: | 2_2_0668B7A4 | |
Source: | Code function: | 2_2_0668B810 | |
Source: | Code function: | 2_2_066879C8 | |
Source: | Code function: | 2_2_066849D8 |
Source: | Process created: |
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Matched rule: |
Source: | Cryptographic APIs: |
Source: | Security API names: |
Source: | Classification label: |
Source: | File created: |
Source: | Mutant created: |
Source: | File created: |
Source: | Static PE information: |
Source: | Static file information: |
Source: | File read: |
Source: | Key opened: |
Source: | Binary or memory string: |
Source: | Process created: |
Source: | Section loaded: |
Source: | Key value queried: |
Source: | LNK file: |
Source: | File opened: |
Source: | Static PE information: |
Source: | Binary string: |
Data Obfuscation |
---|
Source: | .Net Code: |
Source: | Static PE information: |
Source: | Code function: | 2_2_06667743 | |
Source: | Code function: | 2_2_066638B0 | |
Source: | Code function: | 2_2_0668E7A1 |
Source: | High entropy of concatenated method names: |
Source: | File created: |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | Icon embedded in binary file: |
Source: | Key value created or modified: |
Source: | Process information set: |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Malware Analysis System Evasion |
---|
Source: | WMI Queries: |
Source: | Memory allocated: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | File Volume queried: | Jump to behavior | ||
Source: | File Volume queried: | Jump to behavior | ||
Source: | File Volume queried: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Binary or memory string: |
Source: | Process information queried: | Jump to behavior |
Source: | Process queried: | Jump to behavior | ||
Source: | Process queried: | Jump to behavior |
Source: | Process token adjusted: | Jump to behavior | ||
Source: | Process token adjusted: | Jump to behavior | ||
Source: | Process token adjusted: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: |
Source: | Memory allocated: | Jump to behavior |
Source: | Memory written: | Jump to behavior |
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior |
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Queries volume information: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | WMI Queries: |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | File source: |
Source: | File opened: | Jump to behavior |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 11 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | 1 OS Credential Dumping | 1 File and Directory Discovery | Remote Services | 11 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 1 Native API | 2 Registry Run Keys / Startup Folder | 311 Process Injection | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 13 System Information Discovery | Remote Desktop Protocol | 1 Data from Local System | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 2 Registry Run Keys / Startup Folder | 2 Obfuscated Files or Information | Security Account Manager | 131 Security Software Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 2 Software Packing | NTDS | 1 Process Discovery | Distributed Component Object Model | Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Timestomp | LSA Secrets | 141 Virtualization/Sandbox Evasion | SSH | Keylogging | 13 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 1 Application Window Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 11 Masquerading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Modify Registry | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 141 Virtualization/Sandbox Evasion | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 311 Process Injection | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira | TR/Dropper.Gen | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | ReversingLabs |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
cdn.discordapp.com | 162.159.135.233 | true | false | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false |
| unknown | |
true |
| unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
162.159.135.233 | cdn.discordapp.com | United States | 13335 | CLOUDFLARENETUS | false | |
178.215.236.218 | unknown | Germany | 10753 | LVLT-10753US | true |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1519397 |
Start date and time: | 2024-09-26 13:25:08 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 56s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 10 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Critical Process Termination |
Sample name: | rDoc5633276235623657_xls.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@6/20@1/2 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, dns.msftncsi.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- Report size getting too big, too many NtSetInformationFile calls found.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- VT rate limit hit for: rDoc5633276235623657_xls.exe
Time | Type | Description |
---|---|---|
07:26:14 | API Interceptor | |
12:26:17 | Autostart |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
162.159.135.233 | Get hash | malicious | RedLine | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | AgentTesla, AveMaria | Browse |
| ||
Get hash | malicious | Amadey RedLine | Browse |
| ||
Get hash | malicious | Amadey RedLine | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Nanocore | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
cdn.discordapp.com | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | LummaC, Socks5Systemz | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Lokibot | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | Unknown | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
CLOUDFLARENETUS | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Dridex Dropper | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | WinSearchAbuse | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | Dridex Dropper | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | EvilProxy, HTMLPhisher | Browse |
| ||
LVLT-10753US | Get hash | malicious | Remcos, GuLoader | Browse |
| |
Get hash | malicious | Gafgyt, Mirai | Browse |
| ||
Get hash | malicious | Gafgyt, Mirai | Browse |
| ||
Get hash | malicious | Gafgyt, Mirai | Browse |
| ||
Get hash | malicious | Gafgyt, Mirai | Browse |
| ||
Get hash | malicious | Gafgyt, Mirai | Browse |
| ||
Get hash | malicious | Gafgyt, Mirai | Browse |
| ||
Get hash | malicious | Gafgyt, Mirai | Browse |
| ||
Get hash | malicious | Gafgyt, Mirai | Browse |
| ||
Get hash | malicious | Mirai, Gafgyt | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
3b5074b1b5d032e5620f69f9f700ff0e | Get hash | malicious | WinSearchAbuse | Browse |
| |
Get hash | malicious | RedLine | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | AsyncRAT, DcRat | Browse |
| ||
Get hash | malicious | Remcos, PureLog Stealer | Browse |
| ||
Get hash | malicious | Remcos | Browse |
| ||
Get hash | malicious | Remcos, PureLog Stealer | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
C:\Users\user\AppData\Roaming\XClient.exe | Get hash | malicious | Quasar | Browse | ||
Get hash | malicious | Lokibot | Browse | |||
Get hash | malicious | LummaC | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | AsyncRAT, DcRat, Stealerium, StormKitty | Browse | |||
Get hash | malicious | RisePro Stealer | Browse | |||
Get hash | malicious | LummaC | Browse | |||
Get hash | malicious | LummaC, Stealc, Vidar | Browse | |||
Get hash | malicious | LummaC | Browse |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_RegAsm.exe_d844b8734f1fb45ad8a822ff442cea23ced3141_3486005a_52676790-a461-4f19-a7ba-cc778124643c\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 1.4457903104646446 |
Encrypted: | false |
SSDEEP: | 384:wLkB+1HBU/qaUC0t9MVzzuiF1Y4IO8/7:it1HBU/qa29MZzuiF1Y4IO8 |
MD5: | CAA6941BFBBF1A1F1585D14454677E20 |
SHA1: | 2AE8BF7C8D50F29D8993B9A29D1A0FA805CF9CE2 |
SHA-256: | AC933BC15FE3D86148965F71441DF5D9E54A78D6E3A1402FA6D3A3DD8A220694 |
SHA-512: | F4420B3D820F265AE9167C1AF2AF9FAC653750B1E89DBF273F453049D1CC88DC1FC91915AA9615873842A6821B7422E6235BDAEA9854C21ECA43F5C15E99AB67 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 394169 |
Entropy (8bit): | 3.64155410806019 |
Encrypted: | false |
SSDEEP: | 3072:kECVgwE4uEqxZELTgC7yU8yXdVR47MzHyCjE5AKeO+Z6cMH:k1OwE48Z6TgC7yzytVS7yHtj77Oc6HH |
MD5: | 873584A7C5B1D1AA095C30530AFC6C12 |
SHA1: | 16E1FF462E9686530D03CC5A453DEC77FDD985E6 |
SHA-256: | 045CFE56EEEEE2093BEC255AD48D7466F88D38F5A8320AF203D13F9324107F55 |
SHA-512: | FED18DCE645236945EC8E8F485CFDF4E6392E3D16D0D21E7A1E0C8F5AFE127FD1418F6FE060D859AFD5564C9D7193153F752DD2067AB37668FE78D2A04CAB886 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 6504 |
Entropy (8bit): | 3.7144177633347386 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJJ26QolrAYk4jY4kLpr889bwl7sflWdm:R6lXJ46UYkJ4k/wlAf4A |
MD5: | 3CC03F4FFE0E743245F6C038D0B2BBE7 |
SHA1: | A70E758F6450BEED1D24D02A707FE95B58E785FA |
SHA-256: | 01EFF8F69A3785C6EEB0F664663F1633351B65ADBDE108477535AC20E18A741B |
SHA-512: | 2E31D7F3FF39DCCF0BF29C364D7489C346380B0F84A180561C3A2E484CFD540FF5B4598BBBC757EA06451056EBDC5EF9DA94B5ACC132EC80FD3C1DEFE94AD13B |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4855 |
Entropy (8bit): | 4.456507852625626 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zstJg77aI9PUrWpW8VYj5Ym8M4JfuQ3FYo+q8vR9QKQgLuOLukrd:uIjfHI7NUa7VJJfu2K3lBukukrd |
MD5: | AD0D01FE68056A0A2EFC1A18C44827E9 |
SHA1: | 9A7D4A885CE8C28D67D824F44F5DCDF17BC52103 |
SHA-256: | 78DA2ADFD2DEABE6D80507C9503EA592DBBBE4866F7F87672ECC183AACCE935C |
SHA-512: | CB1CECFC9EE33CF26A2914997257633E0224F451149DDF3CFB0F8ACE6AF99C40CBCBF2B48DF319FB6B3DB9435698D6451FFAC7A4869E12A27C3E903A0EF6DB45 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\rDoc5633276235623657_xls.exe.log
Process: | C:\Users\user\Desktop\rDoc5633276235623657_xls.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 847 |
Entropy (8bit): | 5.345615485833535 |
Encrypted: | false |
SSDEEP: | 24:ML9E4KlKDE4KhKiKhPKIE4oKNzKoZAE4KzeR:MxHKlYHKh3oPtHo6hAHKzeR |
MD5: | EEEC189088CC5F1F69CEE62A3BE59EA2 |
SHA1: | 250F25CE24458FC0C581FDDF59FAA26D557844C5 |
SHA-256: | 5345D03A7E6C9436497BA4120DE1F941800F2522A21DE70CEA6DB1633D356E11 |
SHA-512: | 2E017FD29A505BCAC78C659DE10E0D869C42CE3B057840680B23961DBCB1F82B1CC7094C87CEEB8FA14826C4D8CFED88DC647422A4A3FA36C4AAFD6430DAEFE5 |
Malicious: | true |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 5242880 |
Entropy (8bit): | 0.037963276276857943 |
Encrypted: | false |
SSDEEP: | 192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ |
MD5: | C0FDF21AE11A6D1FA1201D502614B622 |
SHA1: | 11724034A1CC915B061316A96E79E9DA6A00ADE8 |
SHA-256: | FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC |
SHA-512: | A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 40960 |
Entropy (8bit): | 0.8553638852307782 |
Encrypted: | false |
SSDEEP: | 48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil |
MD5: | 28222628A3465C5F0D4B28F70F97F482 |
SHA1: | 1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14 |
SHA-256: | 93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4 |
SHA-512: | C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7 |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 28672 |
Entropy (8bit): | 2.5793180405395284 |
Encrypted: | false |
SSDEEP: | 96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz |
MD5: | 41EA9A4112F057AE6BA17E2838AEAC26 |
SHA1: | F2B389103BFD1A1A050C4857A995B09FEAFE8903 |
SHA-256: | CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB |
SHA-512: | 29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103 |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 159744 |
Entropy (8bit): | 0.7873599747470391 |
Encrypted: | false |
SSDEEP: | 96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v |
MD5: | 6A6BAD38068B0F6F2CADC6464C4FE8F0 |
SHA1: | 4E3B235898D8E900548613DDB6EA59CDA5EB4E68 |
SHA-256: | 0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982 |
SHA-512: | BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 106496 |
Entropy (8bit): | 1.1358696453229276 |
Encrypted: | false |
SSDEEP: | 192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544 |
MD5: | 28591AA4E12D1C4FC761BE7C0A468622 |
SHA1: | BC4968A84C19377D05A8BB3F208FBFAC49F4820B |
SHA-256: | 51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9 |
SHA-512: | 5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 98304 |
Entropy (8bit): | 0.08235737944063153 |
Encrypted: | false |
SSDEEP: | 12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO |
MD5: | 369B6DD66F1CAD49D0952C40FEB9AD41 |
SHA1: | D05B2DE29433FB113EC4C558FF33087ED7481DD4 |
SHA-256: | 14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D |
SHA-512: | 771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928 |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 5242880 |
Entropy (8bit): | 0.037963276276857943 |
Encrypted: | false |
SSDEEP: | 192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ |
MD5: | C0FDF21AE11A6D1FA1201D502614B622 |
SHA1: | 11724034A1CC915B061316A96E79E9DA6A00ADE8 |
SHA-256: | FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC |
SHA-512: | A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 114688 |
Entropy (8bit): | 0.9746603542602881 |
Encrypted: | false |
SSDEEP: | 192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn |
MD5: | 780853CDDEAEE8DE70F28A4B255A600B |
SHA1: | AD7A5DA33F7AD12946153C497E990720B09005ED |
SHA-256: | 1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3 |
SHA-512: | E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8 |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 114688 |
Entropy (8bit): | 0.9746603542602881 |
Encrypted: | false |
SSDEEP: | 192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn |
MD5: | 780853CDDEAEE8DE70F28A4B255A600B |
SHA1: | AD7A5DA33F7AD12946153C497E990720B09005ED |
SHA-256: | 1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3 |
SHA-512: | E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8 |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 49152 |
Entropy (8bit): | 0.8180424350137764 |
Encrypted: | false |
SSDEEP: | 96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG |
MD5: | 349E6EB110E34A08924D92F6B334801D |
SHA1: | BDFB289DAFF51890CC71697B6322AA4B35EC9169 |
SHA-256: | C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A |
SHA-512: | 2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574 |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File Type: | |
Category: | modified |
Size (bytes): | 126976 |
Entropy (8bit): | 0.47147045728725767 |
Encrypted: | false |
SSDEEP: | 96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u |
MD5: | A2D1F4CF66465F9F0CAC61C4A95C7EDE |
SHA1: | BA6A845E247B221AAEC96C4213E1FD3744B10A27 |
SHA-256: | B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE |
SHA-512: | C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838 |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 106496 |
Entropy (8bit): | 1.1358696453229276 |
Encrypted: | false |
SSDEEP: | 192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544 |
MD5: | 28591AA4E12D1C4FC761BE7C0A468622 |
SHA1: | BC4968A84C19377D05A8BB3F208FBFAC49F4820B |
SHA-256: | 51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9 |
SHA-512: | 5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XClient.lnk
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 764 |
Entropy (8bit): | 5.026075316030624 |
Encrypted: | false |
SSDEEP: | 12:8gc24qvBSWCwdY//b/QfJLHHVjAs1rHk7zvVoVoBmV:8gmqvBNj+TQtnhAs1YnvSGBm |
MD5: | F5F4A0B8619BE64851C649E0ADE69882 |
SHA1: | 403C5AB7043DAE11C27646C8A30984B4C524BEB8 |
SHA-256: | 107A3CC92165C71DBA5F42B8CE96EEB8E32CE974DC3D5E63564348E7031380FB |
SHA-512: | 97D5344786F366D144266FCDEB80B2E9C83901FF9227E54BB1C874A9520578ACAB3E26A12E7537B7ABEB0EBB9ECD7220C5F3E6ECD92428E6A8DF4532D868F059 |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65440 |
Entropy (8bit): | 6.049806962480652 |
Encrypted: | false |
SSDEEP: | 768:X8XcJiMjm2ieHlPyCsSuJbn8dBhFwlSMF6Iq8KSYDKbQ22qWqO8w1R:rYMaNylPYSAb8dBnsHsPDKbQBqTY |
MD5: | 0D5DF43AF2916F47D00C1573797C1A13 |
SHA1: | 230AB5559E806574D26B4C20847C368ED55483B0 |
SHA-256: | C066AEE7AA3AA83F763EBC5541DAA266ED6C648FBFFCDE0D836A13B221BB2ADC |
SHA-512: | F96CF9E1890746B12DAF839A6D0F16F062B72C1B8A40439F96583F242980F10F867720232A6FA0F7D4D7AC0A7A6143981A5A130D6417EA98B181447134C7CFE2 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1835008 |
Entropy (8bit): | 4.466325816864925 |
Encrypted: | false |
SSDEEP: | 6144:oIXfpi67eLPU9skLmb0b4zWSPKaJG8nAgejZMMhA2gX4WABl0uNmdwBCswSb+:9XD94zWlLZMM6YFH8++ |
MD5: | A55A2F63E9052A80B2F5E027DB810BEF |
SHA1: | 2D18D4AE008E2D7F3EBC4645CCAA957D575CEF27 |
SHA-256: | 7929FAF156512156518E9D366BE3A3CE9D529394165CB63203C34DF2DDE99F4E |
SHA-512: | 320ACE80A2A493F4FFD877D9DD11ADCF0750DD76DDBB1CA96B2A2B5BD46B9532E50B2452DA5FEF70784B499E44017A7D38A58C96CBB9160BA055EA9B68A38205 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 6.039108263599789 |
File name: | rDoc5633276235623657_xls.exe |
File size: | 86'528 bytes |
MD5: | d5489da5aa14ed9d71d8338ec41a1bc1 |
SHA1: | fe04a678f7d95ed31bd364e0a8a4831964f2b84f |
SHA256: | 96dea95151b45309d8bda1112f842802e852a15ac2173b0023b1ba35deae5ec1 |
SHA512: | 68ae7b3c2367f9a2124dba4549ee90dede2fd12552acb7823eae42ffa014e7f4b37cb95b836d01de1270cbc3a48d2903988dc69d1f4f7646d39a9d0b7c77a940 |
SSDEEP: | 1536:WGOLl+jxSwe51ZMXEw1PfEeRH0bndlu630VDx:WGOBCtE1ZpwJbSndTEVDx |
TLSH: | 1783190A3AC5C705D4E4BAF981F7591207A2BDD22231C24A6DF83B694E737A3ECC165D |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....R................................... ........@.. ....................................`................................ |
Icon Hash: | 8f82989919951d01 |
Entrypoint: | 0x40e48e |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
DLL Characteristics: | HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x9DC1522E [Fri Nov 14 00:19:58 2053 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Instruction |
---|
jmp dword ptr [00402000h] |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xe440 | 0x4b | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x12000 | 0x83e8 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x1c000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xe3f9 | 0x1c | .text |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0xc494 | 0xc600 | 0d9ab5613134951677488bb33edd1c38 | False | 0.5494199810606061 | data | 6.163625280817071 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.sdata | 0x10000 | 0x1e8 | 0x200 | ba1a51c546597b8fdcb7d0154e4ab651 | False | 0.857421875 | data | 6.638446248926509 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x12000 | 0x83e8 | 0x8400 | 37bfb2adf08a7790d9ce6bdcc9f0ae0c | False | 0.2878196022727273 | data | 5.210626337188779 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x1c000 | 0xc | 0x200 | 14c39fe502ac72bf25ccb283ba4a5b26 | False | 0.044921875 | data | 0.08153941234324169 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0x121c0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | | | 0.5487588652482269 |
RT_ICON | 0x12628 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | | | 0.37922138836772984 |
RT_ICON | 0x136d0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | | | 0.28060165975103735 |
RT_ICON | 0x15c78 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | | | 0.25614076523382145 |
RT_GROUP_ICON | 0x19ea0 | 0x3e | data | | | 0.7903225806451613 |
RT_VERSION | 0x19ee0 | 0x31c | data | | | 0.42839195979899497 |
RT_MANIFEST | 0x1a1fc | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347 |
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-09-26T13:26:25.809760+0200 | 2855924 | ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound | 1 | 192.168.2.4 | 49731 | 178.215.236.218 | 16433 | TCP |
2024-09-26T13:26:26.063538+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 178.215.236.218 | 16433 | 192.168.2.4 | 49731 | TCP |
2024-09-26T13:26:26.102394+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49731 | 178.215.236.218 | 16433 | TCP |
2024-09-26T13:26:26.208741+0200 | 2853192 | ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound | 1 | 192.168.2.4 | 49731 | 178.215.236.218 | 16433 | TCP |
2024-09-26T13:26:27.711240+0200 | 2852873 | ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 | 1 | 192.168.2.4 | 49737 | 178.215.236.218 | 16433 | TCP |
2024-09-26T13:26:27.711240+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49737 | 178.215.236.218 | 16433 | TCP |
2024-09-26T13:26:27.904405+0200 | 2852873 | ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 | 1 | 192.168.2.4 | 49737 | 178.215.236.218 | 16433 | TCP |
2024-09-26T13:26:27.904405+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49737 | 178.215.236.218 | 16433 | TCP |
2024-09-26T13:26:27.932266+0200 | 2852873 | ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 | 1 | 192.168.2.4 | 49737 | 178.215.236.218 | 16433 | TCP |
2024-09-26T13:26:27.932266+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49737 | 178.215.236.218 | 16433 | TCP |
2024-09-26T13:26:28.041739+0200 | 2852873 | ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 | 1 | 192.168.2.4 | 49737 | 178.215.236.218 | 16433 | TCP |
2024-09-26T13:26:28.041739+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49737 | 178.215.236.218 | 16433 | TCP |
2024-09-26T13:26:28.151091+0200 | 2852873 | ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 | 1 | 192.168.2.4 | 49737 | 178.215.236.218 | 16433 | TCP |
2024-09-26T13:26:28.151091+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49737 | 178.215.236.218 | 16433 | TCP |
2024-09-26T13:26:28.260478+0200 | 2852873 | ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 | 1 | 192.168.2.4 | 49737 | 178.215.236.218 | 16433 | TCP |
2024-09-26T13:26:28.260478+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49737 | 178.215.236.218 | 16433 | TCP |
2024-09-26T13:26:28.382753+0200 | 2852873 | ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 | 1 | 192.168.2.4 | 49737 | 178.215.236.218 | 16433 | TCP |
2024-09-26T13:26:28.382753+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49737 | 178.215.236.218 | 16433 | TCP |
2024-09-26T13:26:28.495593+0200 | 2852873 | ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 | 1 | 192.168.2.4 | 49737 | 178.215.236.218 | 16433 | TCP |
2024-09-26T13:26:28.495593+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49737 | 178.215.236.218 | 16433 | TCP |
2024-09-26T13:26:28.605361+0200 | 2852873 | ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 | 1 | 192.168.2.4 | 49737 | 178.215.236.218 | 16433 | TCP |
2024-09-26T13:26:28.605361+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49737 | 178.215.236.218 | 16433 | TCP |
2024-09-26T13:26:28.730651+0200 | 2852873 | ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 | 1 | 192.168.2.4 | 49737 | 178.215.236.218 | 16433 | TCP |
2024-09-26T13:26:28.730651+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49737 | 178.215.236.218 | 16433 | TCP |
2024-09-26T13:26:36.919201+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 178.215.236.218 | 16433 | 192.168.2.4 | 49731 | TCP |
2024-09-26T13:26:36.921165+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49731 | 178.215.236.218 | 16433 | TCP |
2024-09-26T13:26:42.669326+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 178.215.236.218 | 16433 | 192.168.2.4 | 49731 | TCP |
2024-09-26T13:26:42.669326+0200 | 2852874 | ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 | 1 | 178.215.236.218 | 16433 | 192.168.2.4 | 49731 | TCP |
2024-09-26T13:26:47.301601+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 178.215.236.218 | 16433 | 192.168.2.4 | 49731 | TCP |
2024-09-26T13:26:47.304152+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49731 | 178.215.236.218 | 16433 | TCP |
2024-09-26T13:26:57.820236+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 178.215.236.218 | 16433 | 192.168.2.4 | 49731 | TCP |
2024-09-26T13:26:57.825196+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49731 | 178.215.236.218 | 16433 | TCP |
2024-09-26T13:27:08.430346+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 178.215.236.218 | 16433 | 192.168.2.4 | 49731 | TCP |
2024-09-26T13:27:08.437665+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49731 | 178.215.236.218 | 16433 | TCP |
2024-09-26T13:27:12.607434+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 178.215.236.218 | 16433 | 192.168.2.4 | 49731 | TCP |
2024-09-26T13:27:12.607434+0200 | 2852874 | ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 | 1 | 178.215.236.218 | 16433 | 192.168.2.4 | 49731 | TCP |
2024-09-26T13:27:19.155830+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 178.215.236.218 | 16433 | 192.168.2.4 | 49731 | TCP |
2024-09-26T13:27:19.157555+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49731 | 178.215.236.218 | 16433 | TCP |
2024-09-26T13:27:23.086278+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 178.215.236.218 | 16433 | 192.168.2.4 | 49731 | TCP |
2024-09-26T13:27:23.088880+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49731 | 178.215.236.218 | 16433 | TCP |
2024-09-26T13:27:23.398379+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 178.215.236.218 | 16433 | 192.168.2.4 | 49731 | TCP |
2024-09-26T13:27:23.400282+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49731 | 178.215.236.218 | 16433 | TCP |
2024-09-26T13:27:23.853689+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 178.215.236.218 | 16433 | 192.168.2.4 | 49731 | TCP |
2024-09-26T13:27:23.856833+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49731 | 178.215.236.218 | 16433 | TCP |
2024-09-26T13:27:23.952814+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 178.215.236.218 | 16433 | 192.168.2.4 | 49731 | TCP |
2024-09-26T13:27:23.955308+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49731 | 178.215.236.218 | 16433 | TCP |
2024-09-26T13:27:24.050877+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 178.215.236.218 | 16433 | 192.168.2.4 | 49731 | TCP |
2024-09-26T13:27:24.053253+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49731 | 178.215.236.218 | 16433 | TCP |
2024-09-26T13:27:34.538831+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 178.215.236.218 | 16433 | 192.168.2.4 | 49731 | TCP |
2024-09-26T13:27:34.540801+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49731 | 178.215.236.218 | 16433 | TCP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 26, 2024 13:26:27.026448965 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.026448965 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.026766062 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.026777029 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.026787043 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.026820898 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.026827097 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.026834011 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.026845932 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.026870012 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.026897907 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.027754068 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.027775049 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.027786016 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.027823925 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.027853966 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.027865887 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.027883053 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.027899981 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.027931929 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.028661966 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.028719902 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.028728962 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.028772116 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.028774023 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.028817892 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.028837919 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.028847933 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.028892040 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.029654980 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.029720068 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.029786110 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.029798031 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.029808044 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.029819012 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.029828072 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.029849052 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.029875994 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.030677080 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.030687094 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.030697107 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.030734062 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.030745029 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.030751944 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.030755043 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.030821085 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.031660080 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.031675100 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.031687021 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.031697989 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.031708002 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.031718016 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.031737089 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.031748056 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.116864920 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.116878033 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.116888046 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.117120981 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.117162943 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.117172956 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.117182016 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.117199898 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.117211103 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.117219925 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.117233038 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.117244005 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.117244005 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.117253065 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.117255926 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.117266893 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.117276907 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.117284060 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.117294073 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.117321968 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.117971897 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.117983103 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.117994070 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.118004084 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.118030071 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.118051052 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.118410110 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.118424892 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.118443012 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.118453026 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.118463039 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.118473053 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.118484020 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.118489027 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.118494034 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.118505001 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.118508101 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.118515015 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.118520975 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.118537903 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.118560076 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.119106054 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.119116068 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.119124889 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.119155884 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.119163036 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.119177103 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.119188070 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.119199038 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.119223118 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.119256973 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.119266987 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.119276047 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.119286060 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.119304895 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.119332075 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.120065928 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.120075941 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.120088100 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.120106936 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.120116949 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.120132923 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.120165110 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.122106075 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.122152090 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.122164965 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.122220039 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.122240067 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.122257948 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.122267008 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.122277975 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.122292042 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.122332096 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.122518063 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.122526884 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.122572899 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.122591972 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.122602940 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.122616053 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.122626066 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.122636080 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.122638941 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.122648954 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.122749090 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.123450041 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.123460054 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.123469114 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.123493910 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.123501062 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.123505116 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.123516083 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.123524904 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.123536110 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.123554945 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.124080896 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.124092102 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.124102116 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.124130011 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.124150991 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.124245882 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.124255896 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.124265909 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.124278069 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.124330997 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.158149004 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.158164024 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.158176899 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.158216000 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.208728075 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.208740950 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.208750010 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.208779097 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.208786011 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.208789110 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.208800077 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.208811998 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.208826065 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.208826065 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.208852053 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.208920956 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.208931923 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.208941936 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.208951950 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.208961964 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.208971977 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.208978891 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.208983898 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.208992004 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.209023952 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.209048986 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.209059954 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.209069014 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.209079027 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.209089994 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.209100962 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.209104061 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.209112883 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.209121943 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.209145069 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.209152937 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.209156036 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.209172010 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.209189892 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.209201097 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.209204912 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.209212065 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.209222078 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.209242105 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.209252119 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.209254980 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.209271908 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.209281921 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.209305048 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.209405899 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.209417105 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.209427118 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.209435940 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.209445953 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.209450006 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.209458113 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.209466934 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.209474087 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.209479094 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.209487915 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.209498882 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.209503889 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.209537029 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.209916115 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.209966898 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.209974051 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.214090109 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.214107037 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.214117050 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.214154959 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.214159012 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.214196920 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.214200974 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.214211941 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.214260101 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.214265108 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.214271069 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.214282036 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.214298964 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.214327097 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.214335918 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.214337111 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.214348078 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.214359045 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.214375019 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.214411974 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.214442968 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.214453936 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.214462996 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.214473009 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.214483976 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.214493990 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.214498043 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.214526892 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.214548111 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.214658976 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.214669943 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.214680910 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.214689970 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.214700937 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.214709997 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.214709997 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.214724064 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.214740992 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.214756012 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.214797020 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.214807987 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.214817047 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.214832067 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.214842081 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.214842081 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.214853048 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.214864016 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.214873075 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.214874029 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.214889050 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.214890003 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.214900017 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.214910984 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.214914083 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.214921951 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.214932919 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.214968920 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.215261936 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.215310097 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.215337038 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.215349913 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.215359926 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.215403080 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.219197035 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.219224930 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.219254017 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.219285965 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.219295979 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.219336033 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.219458103 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.219505072 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.219566107 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.219575882 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.219587088 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.219597101 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.219608068 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.219611883 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.219619036 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.219645977 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.219657898 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.219722986 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.219736099 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.219746113 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.219755888 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.219765902 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.219778061 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.219779968 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.219789028 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.219799042 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.219809055 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.219810009 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.219820023 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.219824076 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.219830036 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.219846010 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.219898939 CEST | 16433 | 49731 | 178.215.236.218 | 192.168.2.4 |
Sep 26, 2024 13:26:27.219918013 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Sep 26, 2024 13:26:27.219940901 CEST | 49731 | 16433 | 192.168.2.4 | 178.215.236.218 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 26, 2024 13:26:09.438549995 CEST | 55909 | 53 | 192.168.2.4 | 1.1.1.1 |
Sep 26, 2024 13:26:09.446840048 CEST | 53 | 55909 | 1.1.1.1 | 192.168.2.4 |
Sep 26, 2024 13:26:28.676868916 CEST | 53 | 54462 | 1.1.1.1 | 192.168.2.4 |

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Sep 26, 2024 13:26:09.438549995 CEST | 192.168.2.4 | 1.1.1.1 | 0x6c50 | Standard query (0) | | A (IP address) | IN (0x0001) | false |

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Sep 26, 2024 13:26:09.446840048 CEST | 1.1.1.1 | 192.168.2.4 | 0x6c50 | No error (0) | | | 162.159.135.233 | A (IP address) | IN (0x0001) | false |
Sep 26, 2024 13:26:09.446840048 CEST | 1.1.1.1 | 192.168.2.4 | 0x6c50 | No error (0) | | | 162.159.133.233 | A (IP address) | IN (0x0001) | false |
Sep 26, 2024 13:26:09.446840048 CEST | 1.1.1.1 | 192.168.2.4 | 0x6c50 | No error (0) | | | 162.159.129.233 | A (IP address) | IN (0x0001) | false |
Sep 26, 2024 13:26:09.446840048 CEST | 1.1.1.1 | 192.168.2.4 | 0x6c50 | No error (0) | | | 162.159.130.233 | A (IP address) | IN (0x0001) | false |
Sep 26, 2024 13:26:09.446840048 CEST | 1.1.1.1 | 192.168.2.4 | 0x6c50 | No error (0) | | | 162.159.134.233 | A (IP address) | IN (0x0001) | false |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49730 | 162.159.135.233 | 443 | 6696 | C:\Users\user\Desktop\rDoc5633276235623657_xls.exe |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-26 11:26:10 UTC | 228 | OUT | |
2024-09-26 11:26:10 UTC | 1197 | IN | |
2024-09-26 11:26:10 UTC | 529 | IN | |
2024-09-26 11:26:10 UTC | 1369 | IN | |
2024-09-26 11:26:10 UTC | 1369 | IN | |
2024-09-26 11:26:10 UTC | 1369 | IN | |
2024-09-26 11:26:10 UTC | 1369 | IN | |
2024-09-26 11:26:10 UTC | 1369 | IN | |
2024-09-26 11:26:10 UTC | 1369 | IN | |
2024-09-26 11:26:10 UTC | 1369 | IN | |
2024-09-26 11:26:10 UTC | 1369 | IN | |
2024-09-26 11:26:10 UTC | 1369 | IN |
Target ID: | 0 |
Start time: | 07:26:08 |
Start date: | 26/09/2024 |
Path: | C:\Users\user\Desktop\rDoc5633276235623657_xls.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x970000 |
File size: | 86'528 bytes |
MD5 hash: | D5489DA5AA14ED9D71D8338EC41A1BC1 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 1 |
Start time: | 07:26:09 |
Start date: | 26/09/2024 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x50000 |
File size: | 65'440 bytes |
MD5 hash: | 0D5DF43AF2916F47D00C1573797C1A13 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 2 |
Start time: | 07:26:09 |
Start date: | 26/09/2024 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xb10000 |
File size: | 65'440 bytes |
MD5 hash: | 0D5DF43AF2916F47D00C1573797C1A13 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
Has exited: | true |
Target ID: | 9 |
Start time: | 07:27:35 |
Start date: | 26/09/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x5c0000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Execution Graph
Execution Coverage: | 33.9% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 17.5% |
Total number of Nodes: | 80 |
Total number of Limit Nodes: | 4 |
Execution Graph
Execution Coverage: | 13.4% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0% |
Total number of Nodes: | 66 |
Total number of Limit Nodes: | 10 |