Windows
Analysis Report
file.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- file.exe (PID: 6524 cmdline:
"C:\Users\ user\Deskt op\file.ex e" MD5: 5F3D49BFFED0DA5D969582BD92FED715) - file.tmp (PID: 6312 cmdline:
"C:\Users\ user\AppDa ta\Local\T emp\is-CJF RT.tmp\fil e.tmp" /SL 5="$20434, 3031792,56 832,C:\Use rs\user\De sktop\file .exe" MD5: 499BD324F6DD0DF600B61BE36E26B612) - gerdaplay3se.exe (PID: 4052 cmdline:
"C:\Users\ user\AppDa ta\Local\G erda Play3 SE\gerdap lay3se.exe " -i MD5: D9BDC42F41BCE78D0C9D0FB3AC33D0DF)
- cleanup
{"C2 list": ["ceyqbgr.net"]}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Socks5Systemz | Yara detected Socks5Systemz | Joe Security | ||
JoeSecurity_Socks5Systemz | Yara detected Socks5Systemz | Joe Security | ||
JoeSecurity_Socks5Systemz | Yara detected Socks5Systemz | Joe Security |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-09-27T17:31:53.456689+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57519 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:31:56.349470+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57519 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:31:56.885180+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57519 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:31:58.025467+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57522 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:31:59.024528+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57523 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:31:59.852769+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57524 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:00.689985+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57526 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:01.039539+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57526 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:01.393119+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57526 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:01.913473+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57526 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:02.267509+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57526 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:03.067039+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57527 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:03.418240+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57527 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:04.272954+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57528 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:05.215372+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57529 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:06.018644+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57530 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:06.373694+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57530 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:07.205985+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57531 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:08.108983+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57532 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:08.923277+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57533 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:09.753087+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57534 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:10.885803+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57535 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:11.795330+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57536 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:12.695074+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57537 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:13.253377+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57537 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:14.187113+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57538 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:15.019151+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57539 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:15.855427+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57540 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:16.706911+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57541 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:17.056712+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57541 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:17.927819+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57543 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:18.382123+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57543 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:18.733642+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57543 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:19.582795+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57544 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:19.931095+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57544 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:20.791335+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57545 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:21.648710+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57547 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:22.019903+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57547 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:22.948397+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57548 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:23.788572+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57549 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:24.221834+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57549 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:24.572523+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57549 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:25.416569+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57550 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:26.238460+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57551 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:26.620409+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57551 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:27.662406+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57552 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:28.011305+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57552 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:28.894011+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57553 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:29.250014+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57553 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:30.081909+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57554 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:30.439564+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57554 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:31.293799+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57555 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:32.209370+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57556 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:32.559173+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57556 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:33.392448+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57557 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:34.215126+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57558 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:35.049986+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57559 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:35.411257+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57559 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:35.763988+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57559 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:36.594047+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57560 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:37.422418+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57561 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:38.261246+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57562 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:39.289194+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57563 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:40.123339+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57564 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:40.924876+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57565 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:41.880651+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57566 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:42.250934+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57566 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:43.068978+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57567 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:43.421271+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57567 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:47.253485+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57568 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:47.601827+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57568 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:47.946316+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57568 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:48.796979+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57570 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:49.614077+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57571 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:49.962516+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57571 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:50.807144+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57572 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:51.669495+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57573 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:52.719678+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57574 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:53.621360+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57575 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:54.453355+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57576 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:55.380008+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57577 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:56.275356+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57578 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:57.202034+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57579 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:58.046291+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57580 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:58.953477+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57581 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:59.949927+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57582 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:33:00.772029+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57583 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:33:01.633142+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57584 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:33:02.493932+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57585 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:33:03.387368+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57586 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:33:04.249909+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.6 | 57587 | 185.208.158.248 | 80 | TCP |
Click to jump to signature section
AV Detection |
---|
Source: | Malware Configuration Extractor: |
Source: | Integrated Neural Analysis Model: |
Source: | Joe Sandbox ML: | ||
Source: | Joe Sandbox ML: |
Source: | Code function: | 1_2_0045D230 | |
Source: | Code function: | 1_2_0045D2E4 | |
Source: | Code function: | 1_2_0045D2FC | |
Source: | Code function: | 1_2_10001000 | |
Source: | Code function: | 1_2_10001130 |
Compliance |
---|
Source: | Unpacked PE file: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Code function: | 1_2_00452AD4 | |
Source: | Code function: | 1_2_004753C4 | |
Source: | Code function: | 1_2_00464200 | |
Source: | Code function: | 1_2_0049877C | |
Source: | Code function: | 1_2_004627F8 | |
Source: | Code function: | 1_2_00463D84 |
Networking |
---|
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: |
Source: | URLs: |
Source: | TCP traffic: |
Source: | IP Address: | ||
Source: | IP Address: |
Source: | ASN Name: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | Code function: | 3_2_02D672AB |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
System Summary |
---|
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Code function: | 1_2_0042F594 | |
Source: | Code function: | 1_2_00423B94 | |
Source: | Code function: | 1_2_004125E8 | |
Source: | Code function: | 1_2_00478EFC | |
Source: | Code function: | 1_2_0045763C |
Source: | Code function: | 1_2_0042E944 |
Source: | Code function: | 0_2_00409448 | |
Source: | Code function: | 1_2_0045568C |
Source: | Code function: | 0_2_0040840C | |
Source: | Code function: | 1_2_004708A0 | |
Source: | Code function: | 1_2_00480E7E | |
Source: | Code function: | 1_2_0043533C | |
Source: | Code function: | 1_2_0046744C | |
Source: | Code function: | 1_2_00488014 | |
Source: | Code function: | 1_2_004303D0 | |
Source: | Code function: | 1_2_0048E4AC | |
Source: | Code function: | 1_2_0044453C | |
Source: | Code function: | 1_2_00434638 | |
Source: | Code function: | 1_2_00444AE4 | |
Source: | Code function: | 1_2_00430F5C | |
Source: | Code function: | 1_2_004870B4 | |
Source: | Code function: | 1_2_0045F16C | |
Source: | Code function: | 1_2_004451DC | |
Source: | Code function: | 1_2_0045B21C | |
Source: | Code function: | 1_2_004694C8 | |
Source: | Code function: | 1_2_004455E8 | |
Source: | Code function: | 1_2_00451A30 | |
Source: | Code function: | 1_2_0043DDC4 | |
Source: | Code function: | 3_2_00401051 | |
Source: | Code function: | 3_2_00401C26 | |
Source: | Code function: | 3_2_02D9BCEB | |
Source: | Code function: | 3_2_02D9B4E5 | |
Source: | Code function: | 3_2_02D9BD58 | |
Source: | Code function: | 3_2_02D9B950 | |
Source: | Code function: | 3_2_02D853A0 | |
Source: | Code function: | 3_2_02D7E18D | |
Source: | Code function: | 3_2_02D79E84 | |
Source: | Code function: | 3_2_02D84E29 | |
Source: | Code function: | 3_2_02D6EFB1 | |
Source: | Code function: | 3_2_02D7DC99 | |
Source: | Code function: | 3_2_02D78442 | |
Source: | Code function: | 3_2_02D7AC3A | |
Source: | Code function: | 3_2_02D82DB4 | |
Source: | Code function: | 3_2_02D7E5A5 |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | Code function: | 3_2_02D708B8 |
Source: | Code function: | 0_2_00409448 | |
Source: | Code function: | 1_2_0045568C |
Source: | Code function: | 1_2_00455EB4 |
Source: | Code function: | 3_2_0040270C |
Source: | Code function: | 1_2_0046E1E4 |
Source: | Code function: | 0_2_00409C34 |
Source: | Code function: | 3_2_0040254E |
Source: | Code function: | 3_2_0040254E |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Key value created or modified: | Jump to behavior |
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | File read: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Key value created or modified: | Jump to behavior |
Source: | Window found: | Jump to behavior |
Source: | Window detected: |
Source: | Static file information: |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Data Obfuscation |
---|
Source: | Unpacked PE file: |
Source: | Unpacked PE file: |
Source: | Code function: | 1_2_00450334 |
Source: | Static PE information: |
Source: | Code function: | 0_2_004065FD | |
Source: | Code function: | 0_2_004040F1 | |
Source: | Code function: | 0_2_00408109 | |
Source: | Code function: | 0_2_00404389 | |
Source: | Code function: | 0_2_00404389 | |
Source: | Code function: | 0_2_0040C219 | |
Source: | Code function: | 0_2_00404389 | |
Source: | Code function: | 0_2_00404389 | |
Source: | Code function: | 0_2_00408F63 | |
Source: | Code function: | 1_2_00484572 | |
Source: | Code function: | 1_2_00409991 | |
Source: | Code function: | 1_2_00458090 | |
Source: | Code function: | 1_2_004062C5 | |
Source: | Code function: | 1_2_004104F5 | |
Source: | Code function: | 1_2_00412993 | |
Source: | Code function: | 1_2_0049AD3F | |
Source: | Code function: | 1_2_0040CE4A | |
Source: | Code function: | 1_2_004593B4 | |
Source: | Code function: | 1_2_00495389 | |
Source: | Code function: | 1_2_0040F3AA | |
Source: | Code function: | 1_2_004054A9 | |
Source: | Code function: | 1_2_004434B8 | |
Source: | Code function: | 1_2_00405741 | |
Source: | Code function: | 1_2_00405741 | |
Source: | Code function: | 1_2_00405741 | |
Source: | Code function: | 1_2_00405741 | |
Source: | Code function: | 1_2_00451897 | |
Source: | Code function: | 1_2_00451A35 | |
Source: | Code function: | 1_2_00485B61 | |
Source: | Code function: | 1_2_00419C3D | |
Source: | Code function: | 1_2_0045FDC8 |
Persistence and Installation Behavior |
---|
Source: | Code function: | 3_2_00401A4F | |
Source: | Code function: | 3_2_02D6F7DA |
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Source: | File created: | Jump to dropped file |
Boot Survival |
---|
Source: | Code function: | 3_2_00401A4F | |
Source: | Code function: | 3_2_02D6F7DA |
Source: | Code function: | 3_2_0040254E |
Source: | Code function: | 1_2_00423C1C | |
Source: | Code function: | 1_2_00423C1C | |
Source: | Code function: | 1_2_004241EC | |
Source: | Code function: | 1_2_004241A4 | |
Source: | Code function: | 1_2_00418394 | |
Source: | Code function: | 1_2_0042286C | |
Source: | Code function: | 1_2_0042F2F0 | |
Source: | Code function: | 1_2_004175A8 | |
Source: | Code function: | 1_2_00417CDE | |
Source: | Code function: | 1_2_00417CE0 | |
Source: | Code function: | 1_2_00483E20 |
Source: | Code function: | 1_2_0041F128 |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Source: | Code function: | 3_2_00401B4B | |
Source: | Code function: | 3_2_02D6F8DE |
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file |
Source: | Evasive API call chain: | graph_0-5968 |
Source: | Evasive API call chain: | graph_3-18358 |
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | Code function: | 1_2_00452AD4 | |
Source: | Code function: | 1_2_004753C4 | |
Source: | Code function: | 1_2_00464200 | |
Source: | Code function: | 1_2_0049877C | |
Source: | Code function: | 1_2_004627F8 | |
Source: | Code function: | 1_2_00463D84 |
Source: | Code function: | 0_2_00409B78 |
Source: | Thread delayed: | Jump to behavior |
Source: | Binary or memory string: |
Source: | API call chain: | graph_0-6765 | ||
Source: | API call chain: | graph_3-18360 | ||
Source: | API call chain: | graph_3-19648 |
Source: | Process information queried: | Jump to behavior |
Source: | Code function: | 3_2_02D800FE |
Source: | Code function: | 3_2_02D800FE |
Source: | Code function: | 1_2_00450334 |
Source: | Code function: | 3_2_02D6648B |
Source: | Code function: | 3_2_02D79468 |
Source: | Code function: | 1_2_00478940 |
Source: | Code function: | 1_2_0042EE28 |
Source: | Code function: | 1_2_0042E0AC |
Source: | Code function: | 3_2_02D6F792 |
Source: | Code function: | 0_2_0040520C | |
Source: | Code function: | 0_2_00405258 | |
Source: | Code function: | 1_2_00408578 | |
Source: | Code function: | 1_2_004085C4 |
Source: | Code function: | 1_2_00458670 |
Source: | Code function: | 0_2_004026C4 |
Source: | Code function: | 1_2_00455644 |
Source: | Code function: | 0_2_00405CF4 |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 3 Native API | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 1 Deobfuscate/Decode Files or Information | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | 4 Windows Service | 1 DLL Side-Loading | 2 Obfuscated Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | 2 Service Execution | 1 Bootkit | 1 Access Token Manipulation | 2 Software Packing | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 4 Windows Service | 1 DLL Side-Loading | NTDS | 35 System Information Discovery | Distributed Component Object Model | Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 2 Process Injection | 1 Masquerading | LSA Secrets | 41 Security Software Discovery | SSH | Keylogging | 112 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 21 Virtualization/Sandbox Evasion | Cached Domain Credentials | 1 Process Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Access Token Manipulation | DCSync | 21 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 2 Process Injection | Proc Filesystem | 11 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Bootkit | /etc/passwd and /etc/shadow | 3 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | Dynamic API Resolution | Network Sniffing | 1 Remote System Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | Stripped Payloads | Input Capture | 1 System Network Configuration Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Joe Sandbox ML | |||
100% | Joe Sandbox ML | |||
0% | ReversingLabs | |||
0% | ReversingLabs | |||
5% | ReversingLabs | |||
0% | ReversingLabs | |||
0% | ReversingLabs | |||
0% | ReversingLabs | |||
0% | ReversingLabs | |||
0% | ReversingLabs | |||
0% | ReversingLabs | |||
0% | ReversingLabs | |||
5% | ReversingLabs | |||
0% | ReversingLabs | |||
0% | ReversingLabs | |||
0% | ReversingLabs | |||
0% | ReversingLabs |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
ceyqbgr.net | 185.208.158.248 | true | true | unknown | |
18.31.95.13.in-addr.arpa | unknown | unknown | false | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true | unknown | ||
true | unknown | ||
true | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown | ||
false |
| unknown | ||
false | unknown | |||
false | unknown | |||
false |
| unknown | ||
false |
| unknown | ||
false | unknown | |||
false | unknown | |||
false |
| unknown | ||
false |
| unknown | ||
false | unknown | |||
false |
| unknown | ||
false |
| unknown | ||
false | unknown | |||
false | unknown | |||
false | unknown | |||
false |
| unknown | ||
false |
| unknown | ||
false | unknown | |||
false |
| unknown | ||
false |
| unknown | ||
false | unknown | |||
false |
| unknown | ||
false | unknown | |||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
185.208.158.248 | ceyqbgr.net | Switzerland | 34888 | SIMPLECARRER2IT | true | |
89.105.201.183 | unknown | Netherlands | 24875 | NOVOSERVE-ASNL | false |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1520633 |
Start date and time: | 2024-09-27 17:30:08 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 43s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 8 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | file.exe |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@5/26@2/2 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
- Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Report size getting too big, too many NtDeviceIoControlFile calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- VT rate limit hit for: file.exe
Time | Type | Description |
---|---|---|
11:31:33 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
185.208.158.248 | Get hash | malicious | Socks5Systemz | Browse | ||
Get hash | malicious | Socks5Systemz | Browse | |||
Get hash | malicious | Socks5Systemz | Browse | |||
Get hash | malicious | Socks5Systemz | Browse | |||
Get hash | malicious | Socks5Systemz | Browse | |||
Get hash | malicious | Socks5Systemz | Browse | |||
Get hash | malicious | Socks5Systemz | Browse | |||
Get hash | malicious | Socks5Systemz | Browse | |||
Get hash | malicious | Socks5Systemz | Browse | |||
Get hash | malicious | Socks5Systemz | Browse | |||
89.105.201.183 | Get hash | malicious | Socks5Systemz | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
NOVOSERVE-ASNL | Get hash | malicious | Socks5Systemz | Browse |
| |
Get hash | malicious | Socks5Systemz | Browse |
| ||
Get hash | malicious | Socks5Systemz | Browse |
| ||
Get hash | malicious | Socks5Systemz | Browse |
| ||
Get hash | malicious | Socks5Systemz | Browse |
| ||
Get hash | malicious | Socks5Systemz | Browse |
| ||
Get hash | malicious | Socks5Systemz | Browse |
| ||
Get hash | malicious | Socks5Systemz | Browse |
| ||
Get hash | malicious | Socks5Systemz | Browse |
| ||
Get hash | malicious | Socks5Systemz | Browse |
| ||
SIMPLECARRER2IT | Get hash | malicious | Socks5Systemz | Browse |
| |
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | Socks5Systemz | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | Socks5Systemz | Browse |
| ||
Get hash | malicious | Socks5Systemz | Browse |
| ||
Get hash | malicious | Socks5Systemz | Browse |
| ||
Get hash | malicious | Socks5Systemz | Browse |
| ||
Get hash | malicious | Socks5Systemz | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
C:\Users\user\AppData\Local\Gerda Play3 SE\Qt5OpenGL.dll (copy) | Get hash | malicious | Socks5Systemz | Browse | ||
Get hash | malicious | LummaC, Amadey, CryptOne, LummaC Stealer, PureLog Stealer, RedLine, Socks5Systemz | Browse | |||
Get hash | malicious | Socks5Systemz | Browse | |||
Get hash | malicious | Socks5Systemz | Browse | |||
Get hash | malicious | Socks5Systemz | Browse | |||
Get hash | malicious | Socks5Systemz | Browse | |||
Get hash | malicious | Socks5Systemz | Browse | |||
Get hash | malicious | Socks5Systemz | Browse | |||
Get hash | malicious | Socks5Systemz | Browse | |||
Get hash | malicious | Socks5Systemz | Browse |
Process: | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3264512 |
Entropy (8bit): | 6.621138966820118 |
Encrypted: | false |
SSDEEP: | 49152:UbrpJskkyKBsYG8204wA3XBU+un8G304iXPPJt:q2viP820JA3XXunANPRt |
MD5: | D9BDC42F41BCE78D0C9D0FB3AC33D0DF |
SHA1: | C4D13F9A91F778222B539DA02B58F3FE069F2333 |
SHA-256: | 4BACC77E67D4ACA2F30C0D3ADF173D9BF18C0653E6362288B7481911C202736F |
SHA-512: | A95F074A16F2D5B577C897DFBF147490CAEC0E9EA0B864CA70735072940974A265AA4E2BC2B1EC42106E19E676BAD47EC822B31BD0790AF207490A82BEC2FB93 |
Malicious: | true |
Antivirus: |
|
Reputation: | low |
Preview: |
Process: | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8 |
Entropy (8bit): | 2.0 |
Encrypted: | false |
SSDEEP: | 3:Ll/:Ll/ |
MD5: | 6EFBBD4B588A8E19A5F96973243199AA |
SHA1: | A62893F88D54BFAD713C2B6D8C608E172B4BBEB5 |
SHA-256: | D7C963C3F366A2D20A921D5C537B75025E344F7DBA6237A702A3B834472C105F |
SHA-512: | C8D8B439AA0FD337414314F0FE2B3D3E5A0762A536542A6EC20AB35641AD2E58348C7672AE7D0348D8A618EF88061F9EF21BAF3A3658CD373C0797FF3DC40264 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:cln:Un |
MD5: | 2DC89ABB98D04AF2C94CC8B59EBD2B63 |
SHA1: | C2568696F7E531313A1300CA830F7051E1A85475 |
SHA-256: | 8D4CD219A8179C66ACD195D0F07C34721C87ED2241A9DE78A228B7B336488BC8 |
SHA-512: | 5085394D311E525AC7B549D4353FDDAAB0BFBA3C291F4B031BA27A0EDD5B71D4DF15BC030CDB7BF09EA3CBDB858F193C9EE5302131F4A823F4CC961F1ADC0AF0 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 128 |
Entropy (8bit): | 2.9545817380615236 |
Encrypted: | false |
SSDEEP: | 3:SmwW3Fde9UUDrjStGs/:Smze7DPStGM |
MD5: | 98DDA7FC0B3E548B68DE836D333D1539 |
SHA1: | D0CB784FA2BBD3BDE2BA4400211C3B613638F1C6 |
SHA-256: | 870555CDCBA1F066D893554731AE99A21AE776D41BCB680CBD6510CB9F420E3D |
SHA-512: | E79BD8C2E0426DBEBA8AC2350DA66DC0413F79860611A05210905506FEF8B80A60BB7E76546B0CE9C6E6BC9DDD4BC66FF4C438548F26187EAAF6278F769B3AC1 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 128 |
Entropy (8bit): | 1.7095628900165245 |
Encrypted: | false |
SSDEEP: | 3:LDXdQSWBdMUE/:LLdQSGd |
MD5: | 4FFFD4D2A32CBF8FB78D521B4CC06680 |
SHA1: | 3FA6EFA82F738740179A9388D8046619C7EBDF54 |
SHA-256: | EC52F73A17E6AFCF78F3FD8DFC7177024FEB52F5AC2B602886788E4348D5FB68 |
SHA-512: | 130A074E6AD38EEE2FB088BED2FCB939BF316B0FCBB4F5455AB49C2685BEEDCB5011107A22A153E56BF5E54A45CA4801C56936E71899C99BA9A4F694A1D4CC6D |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-CJFRT.tmp\file.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 334848 |
Entropy (8bit): | 6.5257884005400015 |
Encrypted: | false |
SSDEEP: | 6144:JmuFcP82IqE5RSbvQpYVgMW2i32blpDW2pmoZ1:JmuFc02IqE7SbLVgR1O |
MD5: | C1D465E061D7D02895DAEB19BDB28AC9 |
SHA1: | 5E729EE51DF080545C7031D771B85094A2B2D4E9 |
SHA-256: | 777917D30F277A9E88D8FC04E69B955A2B0BD3F2BCF2E36F7F9CFFEF2583EE60 |
SHA-512: | 438ADAA0AC3AD47621D288E3FF56493CC7DE4E2A89FC5420E246A6045DB79E7CB84A28D3F3420841340AB33BD632F12FDC3A4E9D8EF99601CA9F975B7F8309E1 |
Malicious: | false |
Antivirus: |
|
Joe Sandbox View: |
|
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-CJFRT.tmp\file.tmp |
File Type: | |
Category: | modified |
Size (bytes): | 3264512 |
Entropy (8bit): | 6.621138966820118 |
Encrypted: | false |
SSDEEP: | 49152:UbrpJskkyKBsYG8204wA3XBU+un8G304iXPPJt:q2viP820JA3XXunANPRt |
MD5: | D9BDC42F41BCE78D0C9D0FB3AC33D0DF |
SHA1: | C4D13F9A91F778222B539DA02B58F3FE069F2333 |
SHA-256: | 4BACC77E67D4ACA2F30C0D3ADF173D9BF18C0653E6362288B7481911C202736F |
SHA-512: | A95F074A16F2D5B577C897DFBF147490CAEC0E9EA0B864CA70735072940974A265AA4E2BC2B1EC42106E19E676BAD47EC822B31BD0790AF207490A82BEC2FB93 |
Malicious: | true |
Antivirus: |
|
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-CJFRT.tmp\file.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 334848 |
Entropy (8bit): | 6.5257884005400015 |
Encrypted: | false |
SSDEEP: | 6144:JmuFcP82IqE5RSbvQpYVgMW2i32blpDW2pmoZ1:JmuFc02IqE7SbLVgR1O |
MD5: | C1D465E061D7D02895DAEB19BDB28AC9 |
SHA1: | 5E729EE51DF080545C7031D771B85094A2B2D4E9 |
SHA-256: | 777917D30F277A9E88D8FC04E69B955A2B0BD3F2BCF2E36F7F9CFFEF2583EE60 |
SHA-512: | 438ADAA0AC3AD47621D288E3FF56493CC7DE4E2A89FC5420E246A6045DB79E7CB84A28D3F3420841340AB33BD632F12FDC3A4E9D8EF99601CA9F975B7F8309E1 |
Malicious: | false |
Antivirus: |
|
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-CJFRT.tmp\file.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 348160 |
Entropy (8bit): | 6.542655141037356 |
Encrypted: | false |
SSDEEP: | 6144:OcV9z83OtqxnEYmt3NEnvfF+Tbmbw6An8FMciFMNrb3YgxxpbCAOxO2ElvlE:Ooz83OtIEzW+/m/AyF7bCrO/E |
MD5: | 86F1895AE8C5E8B17D99ECE768A70732 |
SHA1: | D5502A1D00787D68F548DDEEBBDE1ECA5E2B38CA |
SHA-256: | 8094AF5EE310714CAEBCCAEEE7769FFB08048503BA478B879EDFEF5F1A24FEFE |
SHA-512: | 3B7CE2B67056B6E005472B73447D2226677A8CADAE70428873F7EFA5ED11A3B3DBF6B1A42C5B05B1F2B1D8E06FF50DFC6532F043AF8452ED87687EEFBF1791DA |
Malicious: | false |
Antivirus: |
|
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-CJFRT.tmp\file.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 1471856 |
Entropy (8bit): | 6.8308189184145665 |
Encrypted: | false |
SSDEEP: | 24576:6PQ+KpPa3kPjWWJy+0PX7PM6ZB9In8QmMMWwI6/I+no9R2aFVWKZxPo89/xc3lRc:brWW0jnMVpUBuwemQnGP8RqYr1mpbk3 |
MD5: | A236287C42F921D109475D47E9DCAC2B |
SHA1: | 6D7C177A0AC3076383669BCE46608EB4B6B787EC |
SHA-256: | 63AA600A7C914C2D59280069169CC93E750E42C9A1146E238C9128E073D578FD |
SHA-512: | C325B12235AD77937E3799F1406EB6AA3BC5479BFDFF0EA2F2178FE243E63689AC37BB539ADCBB326B0DE6C09B884771AD57F59184A5B69065682855382ADD8A |
Malicious: | true |
Antivirus: |
|
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-CJFRT.tmp\file.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 499712 |
Entropy (8bit): | 6.414789978441117 |
Encrypted: | false |
SSDEEP: | 12288:fJzxYPVsBnxO/R7krZhUgiW6QR7t5k3Ooc8iHkC2eq:fZxvBnxOJ7ki3Ooc8iHkC2e |
MD5: | 561FA2ABB31DFA8FAB762145F81667C2 |
SHA1: | C8CCB04EEDAC821A13FAE314A2435192860C72B8 |
SHA-256: | DF96156F6A548FD6FE5672918DE5AE4509D3C810A57BFFD2A91DE45A3ED5B23B |
SHA-512: | 7D960AA8E3CCE22D63A6723D7F00C195DE7DE83B877ECA126E339E2D8CC9859E813E05C5C0A5671A75BB717243E9295FD13E5E17D8C6660EB59F5BAEE63A7C43 |
Malicious: | false |
Antivirus: |
|
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-CJFRT.tmp\file.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 392048 |
Entropy (8bit): | 6.542831007177094 |
Encrypted: | false |
SSDEEP: | 6144:1eIwnft+S34NVSTjMFR+oVbKQfbno1/1oz6i2EDSD4I+XdtQXGMiFcoOjAWcIhbl:1eIwnft+S34NVSTQD+oVbKQfrC/1ct25 |
MD5: | EE856A00410ECED8CC609936D01F954E |
SHA1: | 705D378626AEC86FECFDF04C86244006BC3AF431 |
SHA-256: | B6192300D3C1476EF3C25A368D055AA401035E78F9F6DBE5F93C84D36EF1FA62 |
SHA-512: | 666D731247DAEAE4B57925DFA8CAE845327FD34E0F6B9AAD1BCF471D1800D7E8AF5642A5FB6E0EC58BA3AC7DD98A6D3FE0B473F34C16FFB9985621C98C0463EF |
Malicious: | true |
Antivirus: |
|
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-CJFRT.tmp\file.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 3264512 |
Entropy (8bit): | 6.621138809004119 |
Encrypted: | false |
SSDEEP: | 49152:bbrpJskkyKBsYG8204wA3XBU+un8G304iXPPJt:t2viP820JA3XXunANPRt |
MD5: | A8740950E0037721B6C0B49E9C07BEBB |
SHA1: | 44E25D73106445E81AC5049E89D4FB862388ED12 |
SHA-256: | 1A74AE8780E1EDAFA3639FDE58E9BB8F4960F666681531E1DE67BDC074C81ABC |
SHA-512: | 0A98D882A71699C4002A8D0B71CC973867EBE6A98B2BBEDA7EDFFE9196C2D82CC71B6D4498C327A016A09A4E5D6C027B3EAAB7ED1F0289D058EBD90A7ACADF61 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-CJFRT.tmp\file.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 719720 |
Entropy (8bit): | 6.620042925263483 |
Encrypted: | false |
SSDEEP: | 12288:ST+z0ucMr64M+yiwUqfWY/EThHzgOXfpwN9Cu66vLHL1e13XYFU8HtUDsMBPxtFe:FPAeKLL1e6kpqsookesEiU1xJycD4R1z |
MD5: | 20B6B06BBD211A8ACFE51193653E4167 |
SHA1: | 817D442B46DD6F35FD9641E0C7262C934ED76848 |
SHA-256: | 7A16E6ED0C0A49AEB8EA4972600A7A1422C92550602A150634B1C221F79300B4 |
SHA-512: | 0F0C31D46E7274F28F62AFBBB4A172CB088AF40F6C71A56297B08D83D16548C0A4FDA4CF5F4A29C1445EEDF15FE81FC405E2EB8680F92C744406D031A05A72C8 |
Malicious: | true |
Antivirus: |
|
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-CJFRT.tmp\file.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 1471856 |
Entropy (8bit): | 6.8308189184145665 |
Encrypted: | false |
SSDEEP: | 24576:6PQ+KpPa3kPjWWJy+0PX7PM6ZB9In8QmMMWwI6/I+no9R2aFVWKZxPo89/xc3lRc:brWW0jnMVpUBuwemQnGP8RqYr1mpbk3 |
MD5: | A236287C42F921D109475D47E9DCAC2B |
SHA1: | 6D7C177A0AC3076383669BCE46608EB4B6B787EC |
SHA-256: | 63AA600A7C914C2D59280069169CC93E750E42C9A1146E238C9128E073D578FD |
SHA-512: | C325B12235AD77937E3799F1406EB6AA3BC5479BFDFF0EA2F2178FE243E63689AC37BB539ADCBB326B0DE6C09B884771AD57F59184A5B69065682855382ADD8A |
Malicious: | true |
Antivirus: |
|
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-CJFRT.tmp\file.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 719720 |
Entropy (8bit): | 6.620042925263483 |
Encrypted: | false |
SSDEEP: | 12288:ST+z0ucMr64M+yiwUqfWY/EThHzgOXfpwN9Cu66vLHL1e13XYFU8HtUDsMBPxtFe:FPAeKLL1e6kpqsookesEiU1xJycD4R1z |
MD5: | 20B6B06BBD211A8ACFE51193653E4167 |
SHA1: | 817D442B46DD6F35FD9641E0C7262C934ED76848 |
SHA-256: | 7A16E6ED0C0A49AEB8EA4972600A7A1422C92550602A150634B1C221F79300B4 |
SHA-512: | 0F0C31D46E7274F28F62AFBBB4A172CB088AF40F6C71A56297B08D83D16548C0A4FDA4CF5F4A29C1445EEDF15FE81FC405E2EB8680F92C744406D031A05A72C8 |
Malicious: | true |
Antivirus: |
|
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-CJFRT.tmp\file.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 499712 |
Entropy (8bit): | 6.414789978441117 |
Encrypted: | false |
SSDEEP: | 12288:fJzxYPVsBnxO/R7krZhUgiW6QR7t5k3Ooc8iHkC2eq:fZxvBnxOJ7ki3Ooc8iHkC2e |
MD5: | 561FA2ABB31DFA8FAB762145F81667C2 |
SHA1: | C8CCB04EEDAC821A13FAE314A2435192860C72B8 |
SHA-256: | DF96156F6A548FD6FE5672918DE5AE4509D3C810A57BFFD2A91DE45A3ED5B23B |
SHA-512: | 7D960AA8E3CCE22D63A6723D7F00C195DE7DE83B877ECA126E339E2D8CC9859E813E05C5C0A5671A75BB717243E9295FD13E5E17D8C6660EB59F5BAEE63A7C43 |
Malicious: | false |
Antivirus: |
|
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-CJFRT.tmp\file.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 348160 |
Entropy (8bit): | 6.542655141037356 |
Encrypted: | false |
SSDEEP: | 6144:OcV9z83OtqxnEYmt3NEnvfF+Tbmbw6An8FMciFMNrb3YgxxpbCAOxO2ElvlE:Ooz83OtIEzW+/m/AyF7bCrO/E |
MD5: | 86F1895AE8C5E8B17D99ECE768A70732 |
SHA1: | D5502A1D00787D68F548DDEEBBDE1ECA5E2B38CA |
SHA-256: | 8094AF5EE310714CAEBCCAEEE7769FFB08048503BA478B879EDFEF5F1A24FEFE |
SHA-512: | 3B7CE2B67056B6E005472B73447D2226677A8CADAE70428873F7EFA5ED11A3B3DBF6B1A42C5B05B1F2B1D8E06FF50DFC6532F043AF8452ED87687EEFBF1791DA |
Malicious: | false |
Antivirus: |
|
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-CJFRT.tmp\file.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 392048 |
Entropy (8bit): | 6.542831007177094 |
Encrypted: | false |
SSDEEP: | 6144:1eIwnft+S34NVSTjMFR+oVbKQfbno1/1oz6i2EDSD4I+XdtQXGMiFcoOjAWcIhbl:1eIwnft+S34NVSTQD+oVbKQfrC/1ct25 |
MD5: | EE856A00410ECED8CC609936D01F954E |
SHA1: | 705D378626AEC86FECFDF04C86244006BC3AF431 |
SHA-256: | B6192300D3C1476EF3C25A368D055AA401035E78F9F6DBE5F93C84D36EF1FA62 |
SHA-512: | 666D731247DAEAE4B57925DFA8CAE845327FD34E0F6B9AAD1BCF471D1800D7E8AF5642A5FB6E0EC58BA3AC7DD98A6D3FE0B473F34C16FFB9985621C98C0463EF |
Malicious: | true |
Antivirus: |
|
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-CJFRT.tmp\file.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 720033 |
Entropy (8bit): | 6.5224444313039385 |
Encrypted: | false |
SSDEEP: | 12288:sQCCh1TaLSSKrPD37zzH2A6QGgx/nstpq9KgER19zrNidbdgUHayxyF8:sQPh1eLSSKrPD37zzH2A6QD/srqggEvM |
MD5: | 5F71B93A871D20C35B2FBB12D7447BEC |
SHA1: | 6AF9BEBF92398CA43B717302F5D0F01301DD6A21 |
SHA-256: | DE828915CAF8D3BFD7933018C6D5A1C2B510396EB198589244AF3EA8CAC83B0B |
SHA-512: | DBA35ED038DB56F96C4EE43C203DA527F4A4D9A58A5B8C6B19087BDD7C32BF7D5B553BEB1A2AFEFE7EF5165E3C99B99A9D4D6B16CB8239707BD67C7F06C306FC |
Malicious: | true |
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-CJFRT.tmp\file.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 4476 |
Entropy (8bit): | 4.60908228428025 |
Encrypted: | false |
SSDEEP: | 96:k8Wfjv88kp/hIK9X+eOIhSv4cVSQs0LCYy:k8Wfb8vp/hyHIhxcVSQ1g |
MD5: | 484690B99869DD2BE827F831C6B05E9C |
SHA1: | E90698F781ABA11ADFC40D24DF4633DD6B241E35 |
SHA-256: | A5F1ABFFBF2230997603713E5B2415FCA8B54A30568430BE7196B8A0369F2126 |
SHA-512: | 2C7DA88CA56AB35C0A7F547AF959FD329A3330D6AE8E0FA6C44737F917C7D6D6E9E78EC8EDAE03FDCB6D00B6E90C4DDEEDAA2EA6967451B3DA116605E8723143 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-CJFRT.tmp\file.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 720033 |
Entropy (8bit): | 6.5224444313039385 |
Encrypted: | false |
SSDEEP: | 12288:sQCCh1TaLSSKrPD37zzH2A6QGgx/nstpq9KgER19zrNidbdgUHayxyF8:sQPh1eLSSKrPD37zzH2A6QD/srqggEvM |
MD5: | 5F71B93A871D20C35B2FBB12D7447BEC |
SHA1: | 6AF9BEBF92398CA43B717302F5D0F01301DD6A21 |
SHA-256: | DE828915CAF8D3BFD7933018C6D5A1C2B510396EB198589244AF3EA8CAC83B0B |
SHA-512: | DBA35ED038DB56F96C4EE43C203DA527F4A4D9A58A5B8C6B19087BDD7C32BF7D5B553BEB1A2AFEFE7EF5165E3C99B99A9D4D6B16CB8239707BD67C7F06C306FC |
Malicious: | true |
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-CJFRT.tmp\file.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 2560 |
Entropy (8bit): | 2.8818118453929262 |
Encrypted: | false |
SSDEEP: | 24:e1GSgDIX566lIB6SXvVmMPUjvhBrDsqZ:SgDKRlVImgUNBsG |
MD5: | A69559718AB506675E907FE49DEB71E9 |
SHA1: | BC8F404FFDB1960B50C12FF9413C893B56F2E36F |
SHA-256: | 2F6294F9AA09F59A574B5DCD33BE54E16B39377984F3D5658CDA44950FA0F8FC |
SHA-512: | E52E0AA7FE3F79E36330C455D944653D449BA05B2F9ABEE0914A0910C3452CFA679A40441F9AC696B3CCF9445CBB85095747E86153402FC362BB30AC08249A63 |
Malicious: | true |
Antivirus: |
|
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-CJFRT.tmp\file.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 6144 |
Entropy (8bit): | 4.720366600008286 |
Encrypted: | false |
SSDEEP: | 96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0 |
MD5: | E4211D6D009757C078A9FAC7FF4F03D4 |
SHA1: | 019CD56BA687D39D12D4B13991C9A42EA6BA03DA |
SHA-256: | 388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95 |
SHA-512: | 17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E |
Malicious: | false |
Antivirus: |
|
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-CJFRT.tmp\file.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 23312 |
Entropy (8bit): | 4.596242908851566 |
Encrypted: | false |
SSDEEP: | 384:+Vm08QoKkiWZ76UJuP71W55iWHHoSHigH2euwsHTGHVb+VHHmnH+aHjHqLHxmoq1:2m08QotiCjJuPGw4 |
MD5: | 92DC6EF532FBB4A5C3201469A5B5EB63 |
SHA1: | 3E89FF837147C16B4E41C30D6C796374E0B8E62C |
SHA-256: | 9884E9D1B4F8A873CCBD81F8AD0AE257776D2348D027D811A56475E028360D87 |
SHA-512: | 9908E573921D5DBC3454A1C0A6C969AB8A81CC2E8B5385391D46B1A738FB06A76AA3282E0E58D0D2FFA6F27C85668CD5178E1500B8A39B1BBAE04366AE6A86D3 |
Malicious: | false |
Antivirus: |
|
Preview: |
Process: | C:\Users\user\Desktop\file.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 708608 |
Entropy (8bit): | 6.514146996529036 |
Encrypted: | false |
SSDEEP: | 12288:UQCCh1TaLSSKrPD37zzH2A6QGgx/nstpq9KgER19zrNidbdgUHayxyF:UQPh1eLSSKrPD37zzH2A6QD/srqggEvX |
MD5: | 499BD324F6DD0DF600B61BE36E26B612 |
SHA1: | 4DAD284AE727350A0632B3AAB09D6EB7B9D3EC1D |
SHA-256: | 6F53CD1CF8A75A30ECA24BFCFE2B2F0890C3545F20A6F56356C2272A66BEE7A5 |
SHA-512: | 92E83A502CE167873AD80A8A5EE61C40CB64B649E3CA13CEF779FE329D647BBB40B6ECD788C77B05B9AB092C38D3F9B5ADCA2F813F03F90F41FD89AFB48D4888 |
Malicious: | true |
Preview: |
File type: | |
Entropy (8bit): | 7.997607003853171 |
TrID: |
|
File name: | file.exe |
File size: | 3'298'104 bytes |
MD5: | 5f3d49bffed0da5d969582bd92fed715 |
SHA1: | 6efbd680de90af1c2ac13eb1a781b3797f6714e4 |
SHA256: | a166a398a327a98b73d33c3ffd0ae68ae1538a79678e4e16c5977aadfa46a395 |
SHA512: | a3c277033c4942f6c78afa49a40f4b1a1751e7b814bde4d0bdd544dd0582010f1f77fead16cc3918eb12b8a08eb96e86e1d82be0af882ad8f34ebb8b5e7cada3 |
SSDEEP: | 49152:e9qpl6w2Sh0/GmssmPSXQn9OjbM2u/o44rrp4F6BV6Lx45VRK7FeAir:4ml6Qh0/XUPSgFFSK6qq5VRaFKr |
TLSH: | 9AE53302EFFA0439F932C7B44900724394652F0D0FE19ED7A2EEA94A4EF79254939767 |
File Content Preview: | MZP.....................@...............................................!..L.!..This program must be run under Win32..$7....................................................................................................................................... |
Icon Hash: | 2d2e3797b32b2b99 |
Entrypoint: | 0x40a5f8 |
Entrypoint Section: | CODE |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI |
DLL Characteristics: | TERMINAL_SERVER_AWARE |
Time Stamp: | 0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 1 |
OS Version Minor: | 0 |
File Version Major: | 1 |
File Version Minor: | 0 |
Subsystem Version Major: | 1 |
Subsystem Version Minor: | 0 |
Import Hash: | 884310b1928934402ea6fec1dbd3cf5e |
Instruction |
---|
push ebp |
mov ebp, esp |
add esp, FFFFFFC4h |
push ebx |
push esi |
push edi |
xor eax, eax |
mov dword ptr [ebp-10h], eax |
mov dword ptr [ebp-24h], eax |
call 00007F636481E483h |
call 00007F636481F68Ah |
call 00007F636481F919h |
call 00007F636481F9BCh |
call 00007F636482195Bh |
call 00007F63648242C6h |
call 00007F636482442Dh |
xor eax, eax |
push ebp |
push 0040ACC9h |
push dword ptr fs:[eax] |
mov dword ptr fs:[eax], esp |
xor edx, edx |
push ebp |
push 0040AC92h |
push dword ptr fs:[edx] |
mov dword ptr fs:[edx], esp |
mov eax, dword ptr [0040C014h] |
call 00007F6364824EDBh |
call 00007F6364824AC6h |
cmp byte ptr [0040B234h], 00000000h |
je 00007F63648259BEh |
call 00007F6364824FD8h |
xor eax, eax |
call 00007F636481F179h |
lea edx, dword ptr [ebp-10h] |
xor eax, eax |
call 00007F6364821F6Bh |
mov edx, dword ptr [ebp-10h] |
mov eax, 0040CE2Ch |
call 00007F636481E51Ah |
push 00000002h |
push 00000000h |
push 00000001h |
mov ecx, dword ptr [0040CE2Ch] |
mov dl, 01h |
mov eax, 0040738Ch |
call 00007F63648227FAh |
mov dword ptr [0040CE30h], eax |
xor edx, edx |
push ebp |
push 0040AC4Ah |
push dword ptr fs:[edx] |
mov dword ptr fs:[edx], esp |
call 00007F6364824F36h |
mov dword ptr [0040CE38h], eax |
mov eax, dword ptr [0040CE38h] |
cmp dword ptr [eax+0Ch], 00000000h |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xd000 | 0x950 | .idata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x11000 | 0x2c00 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0xf000 | 0x18 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
CODE | 0x1000 | 0x9d30 | 0x9e00 | 04ffdb46e50716ec8cb7db42819802fd | False | 0.6052956882911392 | data | 6.631603395825714 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
DATA | 0xb000 | 0x250 | 0x400 | beee52f18301950f82460d9ffe5aec7e | False | 0.306640625 | data | 2.7547169534996403 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
BSS | 0xc000 | 0xe90 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.idata | 0xd000 | 0x950 | 0xa00 | bb5485bf968b970e5ea81292af2acdba | False | 0.414453125 | data | 4.430733069799036 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.tls | 0xe000 | 0x8 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rdata | 0xf000 | 0x18 | 0x200 | 9ba824905bf9c7922b6fc87a38b74366 | False | 0.052734375 | data | 0.2044881574398449 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ |
.reloc | 0x10000 | 0x8c4 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ |
.rsrc | 0x11000 | 0x2c00 | 0x2c00 | 5305601982e1fdf0c6302dfb1a01e5a8 | False | 0.3340731534090909 | data | 4.593307861189122 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0x11354 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | Dutch | Netherlands | 0.5675675675675675 |
RT_ICON | 0x1147c | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320 | Dutch | Netherlands | 0.4486994219653179 |
RT_ICON | 0x119e4 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | Dutch | Netherlands | 0.4637096774193548 |
RT_ICON | 0x11ccc | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1152 | Dutch | Netherlands | 0.3935018050541516 |
RT_STRING | 0x12574 | 0x2f2 | data | 0.35543766578249336 | ||
RT_STRING | 0x12868 | 0x30c | data | 0.3871794871794872 | ||
RT_STRING | 0x12b74 | 0x2ce | data | 0.42618384401114207 | ||
RT_STRING | 0x12e44 | 0x68 | data | 0.75 | ||
RT_STRING | 0x12eac | 0xb4 | data | 0.6277777777777778 | ||
RT_STRING | 0x12f60 | 0xae | data | 0.5344827586206896 | ||
RT_RCDATA | 0x13010 | 0x2c | data | 1.1818181818181819 | ||
RT_GROUP_ICON | 0x1303c | 0x3e | data | English | United States | 0.8387096774193549 |
RT_VERSION | 0x1307c | 0x4f4 | data | English | United States | 0.28470031545741326 |
RT_MANIFEST | 0x13570 | 0x62c | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.4240506329113924 |
DLL | Import |
---|---|
kernel32.dll | DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, WideCharToMultiByte, TlsSetValue, TlsGetValue, MultiByteToWideChar, GetModuleHandleA, GetLastError, GetCommandLineA, WriteFile, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetSystemTime, GetFileType, ExitProcess, CreateFileA, CloseHandle |
user32.dll | MessageBoxA |
oleaut32.dll | VariantChangeTypeEx, VariantCopyInd, VariantClear, SysStringLen, SysAllocStringLen |
advapi32.dll | RegQueryValueExA, RegOpenKeyExA, RegCloseKey, OpenProcessToken, LookupPrivilegeValueA |
kernel32.dll | WriteFile, VirtualQuery, VirtualProtect, VirtualFree, VirtualAlloc, Sleep, SizeofResource, SetLastError, SetFilePointer, SetErrorMode, SetEndOfFile, RemoveDirectoryA, ReadFile, LockResource, LoadResource, LoadLibraryA, IsDBCSLeadByte, GetWindowsDirectoryA, GetVersionExA, GetUserDefaultLangID, GetSystemInfo, GetSystemDefaultLCID, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetFullPathNameA, GetFileSize, GetFileAttributesA, GetExitCodeProcess, GetEnvironmentVariableA, GetCurrentProcess, GetCommandLineA, GetACP, InterlockedExchange, FormatMessageA, FindResourceA, DeleteFileA, CreateProcessA, CreateFileA, CreateDirectoryA, CloseHandle |
user32.dll | TranslateMessage, SetWindowLongA, PeekMessageA, MsgWaitForMultipleObjects, MessageBoxA, LoadStringA, ExitWindowsEx, DispatchMessageA, DestroyWindow, CreateWindowExA, CallWindowProcA, CharPrevA |
comctl32.dll | InitCommonControls |
advapi32.dll | AdjustTokenPrivileges |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
Dutch | Netherlands | |
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-09-27T17:31:53.456689+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57519 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:31:56.349470+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57519 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:31:56.885180+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57519 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:31:58.025467+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57522 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:31:59.024528+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57523 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:31:59.852769+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57524 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:00.689985+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57526 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:01.039539+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57526 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:01.393119+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57526 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:01.913473+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57526 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:02.267509+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57526 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:03.067039+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57527 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:03.418240+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57527 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:04.272954+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57528 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:05.215372+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57529 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:06.018644+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57530 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:06.373694+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57530 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:07.205985+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57531 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:08.108983+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57532 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:08.923277+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57533 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:09.753087+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57534 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:10.885803+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57535 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:11.795330+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57536 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:12.695074+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57537 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:13.253377+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57537 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:14.187113+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57538 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:15.019151+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57539 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:15.855427+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57540 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:16.706911+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57541 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:17.056712+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57541 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:17.927819+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57543 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:18.382123+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57543 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:18.733642+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57543 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:19.582795+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57544 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:19.931095+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57544 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:20.791335+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57545 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:21.648710+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57547 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:22.019903+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57547 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:22.948397+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57548 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:23.788572+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57549 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:24.221834+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57549 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:24.572523+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57549 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:25.416569+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57550 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:26.238460+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57551 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:26.620409+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57551 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:27.662406+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57552 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:28.011305+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57552 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:28.894011+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57553 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:29.250014+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57553 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:30.081909+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57554 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:30.439564+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57554 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:31.293799+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57555 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:32.209370+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57556 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:32.559173+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57556 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:33.392448+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57557 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:34.215126+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57558 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:35.049986+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57559 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:35.411257+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57559 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:35.763988+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57559 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:36.594047+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57560 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:37.422418+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57561 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:38.261246+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57562 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:39.289194+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57563 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:40.123339+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57564 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:40.924876+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57565 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:41.880651+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57566 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:42.250934+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57566 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:43.068978+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57567 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:43.421271+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57567 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:47.253485+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57568 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:47.601827+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57568 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:47.946316+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57568 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:48.796979+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57570 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:49.614077+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57571 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:49.962516+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57571 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:50.807144+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57572 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:51.669495+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57573 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:52.719678+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57574 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:53.621360+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57575 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:54.453355+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57576 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:55.380008+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57577 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:56.275356+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57578 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:57.202034+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57579 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:58.046291+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57580 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:58.953477+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57581 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:32:59.949927+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57582 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:33:00.772029+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57583 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:33:01.633142+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57584 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:33:02.493932+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57585 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:33:03.387368+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57586 | 185.208.158.248 | 80 | TCP |
2024-09-27T17:33:04.249909+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.6 | 57587 | 185.208.158.248 | 80 | TCP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 27, 2024 17:31:52.749265909 CEST | 57519 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:31:52.755819082 CEST | 80 | 57519 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:31:52.755932093 CEST | 57519 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:31:52.756558895 CEST | 57519 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:31:52.762171030 CEST | 80 | 57519 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:31:53.456573963 CEST | 80 | 57519 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:31:53.456688881 CEST | 57519 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:31:53.461613894 CEST | 57520 | 2023 | 192.168.2.6 | 89.105.201.183 |
Sep 27, 2024 17:31:53.466964006 CEST | 2023 | 57520 | 89.105.201.183 | 192.168.2.6 |
Sep 27, 2024 17:31:53.467058897 CEST | 57520 | 2023 | 192.168.2.6 | 89.105.201.183 |
Sep 27, 2024 17:31:53.467088938 CEST | 57520 | 2023 | 192.168.2.6 | 89.105.201.183 |
Sep 27, 2024 17:31:53.471983910 CEST | 2023 | 57520 | 89.105.201.183 | 192.168.2.6 |
Sep 27, 2024 17:31:53.472064018 CEST | 57520 | 2023 | 192.168.2.6 | 89.105.201.183 |
Sep 27, 2024 17:31:53.476986885 CEST | 2023 | 57520 | 89.105.201.183 | 192.168.2.6 |
Sep 27, 2024 17:31:54.083472013 CEST | 2023 | 57520 | 89.105.201.183 | 192.168.2.6 |
Sep 27, 2024 17:31:54.127579927 CEST | 57520 | 2023 | 192.168.2.6 | 89.105.201.183 |
Sep 27, 2024 17:31:56.101192951 CEST | 57519 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:31:56.106278896 CEST | 80 | 57519 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:31:56.349338055 CEST | 80 | 57519 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:31:56.349469900 CEST | 57519 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:31:56.460501909 CEST | 57519 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:31:56.465395927 CEST | 80 | 57519 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:31:56.885082006 CEST | 80 | 57519 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:31:56.885179996 CEST | 57519 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:31:56.886178017 CEST | 57521 | 2023 | 192.168.2.6 | 89.105.201.183 |
Sep 27, 2024 17:31:57.185530901 CEST | 80 | 57519 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:31:57.185777903 CEST | 57519 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:31:57.185894012 CEST | 80 | 57519 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:31:57.185956955 CEST | 57519 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:31:57.186456919 CEST | 2023 | 57521 | 89.105.201.183 | 192.168.2.6 |
Sep 27, 2024 17:31:57.186549902 CEST | 57521 | 2023 | 192.168.2.6 | 89.105.201.183 |
Sep 27, 2024 17:31:57.186731100 CEST | 57521 | 2023 | 192.168.2.6 | 89.105.201.183 |
Sep 27, 2024 17:31:57.186808109 CEST | 57521 | 2023 | 192.168.2.6 | 89.105.201.183 |
Sep 27, 2024 17:31:57.191637993 CEST | 2023 | 57521 | 89.105.201.183 | 192.168.2.6 |
Sep 27, 2024 17:31:57.236231089 CEST | 2023 | 57521 | 89.105.201.183 | 192.168.2.6 |
Sep 27, 2024 17:31:57.304318905 CEST | 57519 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:31:57.304769993 CEST | 57522 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:31:57.309762001 CEST | 80 | 57519 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:31:57.309825897 CEST | 80 | 57522 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:31:57.309910059 CEST | 57519 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:31:57.310010910 CEST | 57522 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:31:57.310273886 CEST | 57522 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:31:57.315100908 CEST | 80 | 57522 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:31:57.618269920 CEST | 2023 | 57521 | 89.105.201.183 | 192.168.2.6 |
Sep 27, 2024 17:31:57.618609905 CEST | 57521 | 2023 | 192.168.2.6 | 89.105.201.183 |
Sep 27, 2024 17:31:58.025355101 CEST | 80 | 57522 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:31:58.025466919 CEST | 57522 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:31:58.179517984 CEST | 57522 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:31:58.179939032 CEST | 57523 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:31:58.337076902 CEST | 80 | 57523 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:31:58.337399006 CEST | 57523 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:31:58.337555885 CEST | 80 | 57522 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:31:58.337560892 CEST | 57523 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:31:58.337629080 CEST | 57522 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:31:58.342530966 CEST | 80 | 57523 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:31:59.024277925 CEST | 80 | 57523 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:31:59.024528027 CEST | 57523 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:31:59.146496058 CEST | 57523 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:31:59.146991968 CEST | 57524 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:31:59.151844025 CEST | 80 | 57523 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:31:59.151931047 CEST | 80 | 57524 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:31:59.151940107 CEST | 57523 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:31:59.152014971 CEST | 57524 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:31:59.152204990 CEST | 57524 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:31:59.157270908 CEST | 80 | 57524 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:31:59.852696896 CEST | 80 | 57524 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:31:59.852768898 CEST | 57524 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:31:59.974433899 CEST | 57524 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:31:59.974725008 CEST | 57526 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:31:59.980901957 CEST | 80 | 57526 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:31:59.980982065 CEST | 57526 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:31:59.981065035 CEST | 80 | 57524 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:31:59.981079102 CEST | 57526 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:31:59.981117964 CEST | 57524 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:31:59.985964060 CEST | 80 | 57526 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:00.689898014 CEST | 80 | 57526 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:00.689985037 CEST | 57526 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:00.802612066 CEST | 57526 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:00.807612896 CEST | 80 | 57526 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:01.039459944 CEST | 80 | 57526 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:01.039539099 CEST | 57526 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:01.147798061 CEST | 57526 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:01.152750015 CEST | 80 | 57526 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:01.393053055 CEST | 80 | 57526 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:01.393119097 CEST | 57526 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:01.505816936 CEST | 57526 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:01.510751009 CEST | 80 | 57526 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:01.913379908 CEST | 80 | 57526 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:01.913472891 CEST | 57526 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:02.021452904 CEST | 57526 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:02.026401997 CEST | 80 | 57526 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:02.267426014 CEST | 80 | 57526 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:02.267508984 CEST | 57526 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:02.380629063 CEST | 57526 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:02.380903959 CEST | 57527 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:02.385750055 CEST | 80 | 57527 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:02.385839939 CEST | 57527 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:02.385864019 CEST | 80 | 57526 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:02.385915995 CEST | 57526 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:02.385979891 CEST | 57527 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:02.390798092 CEST | 80 | 57527 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:03.066957951 CEST | 80 | 57527 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:03.067039013 CEST | 57527 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:03.177248001 CEST | 57527 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:03.182503939 CEST | 80 | 57527 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:03.418124914 CEST | 80 | 57527 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:03.418240070 CEST | 57527 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:03.537595987 CEST | 57527 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:03.538062096 CEST | 57528 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:03.543176889 CEST | 80 | 57528 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:03.543288946 CEST | 80 | 57527 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:03.543297052 CEST | 57528 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:03.543361902 CEST | 57527 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:03.543560982 CEST | 57528 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:03.549691916 CEST | 80 | 57528 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:04.272787094 CEST | 80 | 57528 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:04.272953987 CEST | 57528 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:04.480695963 CEST | 57528 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:04.480981112 CEST | 57529 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:04.486056089 CEST | 80 | 57528 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:04.486166000 CEST | 57528 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:04.486613035 CEST | 80 | 57529 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:04.486758947 CEST | 57529 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:04.487080097 CEST | 57529 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:04.491933107 CEST | 80 | 57529 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:05.215248108 CEST | 80 | 57529 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:05.215372086 CEST | 57529 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:05.335589886 CEST | 57529 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:05.335915089 CEST | 57530 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:05.340792894 CEST | 80 | 57530 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:05.340910912 CEST | 57530 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:05.341111898 CEST | 57530 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:05.341584921 CEST | 80 | 57529 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:05.341662884 CEST | 57529 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:05.345987082 CEST | 80 | 57530 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:06.018549919 CEST | 80 | 57530 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:06.018644094 CEST | 57530 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:06.133611917 CEST | 57530 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:06.138580084 CEST | 80 | 57530 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:06.373557091 CEST | 80 | 57530 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:06.373693943 CEST | 57530 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:06.490268946 CEST | 57530 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:06.490597010 CEST | 57531 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:06.495573997 CEST | 80 | 57531 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:06.495656967 CEST | 80 | 57530 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:06.495693922 CEST | 57531 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:06.495742083 CEST | 57530 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:06.495858908 CEST | 57531 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:06.500669003 CEST | 80 | 57531 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:07.205893040 CEST | 80 | 57531 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:07.205985069 CEST | 57531 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:07.410235882 CEST | 57531 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:07.410672903 CEST | 57532 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:07.415601969 CEST | 80 | 57531 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:07.415646076 CEST | 80 | 57532 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:07.415685892 CEST | 57531 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:07.415766954 CEST | 57532 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:07.420233011 CEST | 57532 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:07.425136089 CEST | 80 | 57532 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:08.108875036 CEST | 80 | 57532 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:08.108983040 CEST | 57532 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:08.226161957 CEST | 57532 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:08.226486921 CEST | 57533 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:08.231442928 CEST | 80 | 57533 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:08.231554985 CEST | 57533 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:08.231585026 CEST | 80 | 57532 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:08.231642008 CEST | 57532 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:08.231808901 CEST | 57533 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:08.236603975 CEST | 80 | 57533 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:08.923155069 CEST | 80 | 57533 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:08.923276901 CEST | 57533 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:09.038568974 CEST | 57533 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:09.038949013 CEST | 57534 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:09.044063091 CEST | 80 | 57533 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:09.044110060 CEST | 80 | 57534 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:09.044146061 CEST | 57533 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:09.044198990 CEST | 57534 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:09.044361115 CEST | 57534 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:09.049206972 CEST | 80 | 57534 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:09.752852917 CEST | 80 | 57534 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:09.753087044 CEST | 57534 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:09.915524006 CEST | 57534 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:09.916064978 CEST | 57535 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:10.164017916 CEST | 80 | 57535 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:10.164076090 CEST | 80 | 57534 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:10.164252043 CEST | 57534 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:10.164305925 CEST | 57535 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:10.281172037 CEST | 57535 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:10.288551092 CEST | 80 | 57535 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:10.882915020 CEST | 80 | 57535 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:10.885802984 CEST | 57535 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:11.037689924 CEST | 57535 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:11.038079023 CEST | 57536 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:11.043064117 CEST | 80 | 57535 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:11.043200016 CEST | 57535 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:11.043448925 CEST | 80 | 57536 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:11.043656111 CEST | 57536 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:11.043915987 CEST | 57536 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:11.048840046 CEST | 80 | 57536 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:11.795059919 CEST | 80 | 57536 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:11.795330048 CEST | 57536 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:11.924310923 CEST | 57536 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:11.924748898 CEST | 57537 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:11.929939985 CEST | 80 | 57536 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:11.930007935 CEST | 57536 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:11.930315971 CEST | 80 | 57537 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:11.930409908 CEST | 57537 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:11.930565119 CEST | 57537 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:11.936325073 CEST | 80 | 57537 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:12.694988966 CEST | 80 | 57537 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:12.695074081 CEST | 57537 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:12.802819014 CEST | 57537 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:13.011238098 CEST | 80 | 57537 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:13.253220081 CEST | 80 | 57537 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:13.253376961 CEST | 57537 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:13.435983896 CEST | 57537 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:13.436377048 CEST | 57538 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:13.446012974 CEST | 80 | 57538 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:13.446146965 CEST | 57538 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:13.446466923 CEST | 80 | 57537 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:13.446535110 CEST | 57537 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:13.451730967 CEST | 57538 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:13.457007885 CEST | 80 | 57538 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:14.186856985 CEST | 80 | 57538 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:14.187113047 CEST | 57538 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:14.303219080 CEST | 57538 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:14.303596020 CEST | 57539 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:14.308444977 CEST | 80 | 57538 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:14.308511019 CEST | 57538 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:14.308809996 CEST | 80 | 57539 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:14.309005022 CEST | 57539 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:14.309135914 CEST | 57539 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:14.314357996 CEST | 80 | 57539 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:15.019023895 CEST | 80 | 57539 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:15.019150972 CEST | 57539 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:15.138062954 CEST | 57539 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:15.138329983 CEST | 57540 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:15.143559933 CEST | 80 | 57539 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:15.143601894 CEST | 80 | 57540 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:15.143649101 CEST | 57539 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:15.143690109 CEST | 57540 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:15.143862963 CEST | 57540 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:15.148768902 CEST | 80 | 57540 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:15.855298996 CEST | 80 | 57540 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:15.855427027 CEST | 57540 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:15.976039886 CEST | 57540 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:15.978034019 CEST | 57541 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:15.981439114 CEST | 80 | 57540 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:15.981551886 CEST | 57540 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:15.983761072 CEST | 80 | 57541 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:15.983846903 CEST | 57541 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:15.984002113 CEST | 57541 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:15.989377022 CEST | 80 | 57541 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:16.706841946 CEST | 80 | 57541 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:16.706911087 CEST | 57541 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:16.818640947 CEST | 57541 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:16.823793888 CEST | 80 | 57541 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:17.056643963 CEST | 80 | 57541 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:17.056711912 CEST | 57541 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:17.178730011 CEST | 57541 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:17.179307938 CEST | 57543 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:17.185003996 CEST | 80 | 57543 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:17.185082912 CEST | 57543 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:17.185090065 CEST | 80 | 57541 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:17.185165882 CEST | 57541 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:17.185475111 CEST | 57543 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:17.190468073 CEST | 80 | 57543 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:17.927685976 CEST | 80 | 57543 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:17.927819014 CEST | 57543 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:18.037250042 CEST | 57543 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:18.042319059 CEST | 80 | 57543 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:18.381916046 CEST | 80 | 57543 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:18.382122993 CEST | 57543 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:18.490320921 CEST | 57543 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:18.499423981 CEST | 80 | 57543 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:18.733568907 CEST | 80 | 57543 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:18.733642101 CEST | 57543 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:18.880280972 CEST | 57543 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:18.880731106 CEST | 57544 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:18.885951042 CEST | 80 | 57543 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:18.886042118 CEST | 80 | 57544 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:18.886178970 CEST | 57543 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:18.886204958 CEST | 57544 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:18.886420012 CEST | 57544 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:18.891732931 CEST | 80 | 57544 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:19.582662106 CEST | 80 | 57544 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:19.582794905 CEST | 57544 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:19.695391893 CEST | 57544 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:19.700851917 CEST | 80 | 57544 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:19.930829048 CEST | 80 | 57544 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:19.931094885 CEST | 57544 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:20.054023027 CEST | 57544 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:20.054394960 CEST | 57545 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:20.059468031 CEST | 80 | 57544 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:20.059530973 CEST | 57544 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:20.060847998 CEST | 80 | 57545 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:20.060915947 CEST | 57545 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:20.061382055 CEST | 57545 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:20.066521883 CEST | 80 | 57545 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:20.791169882 CEST | 80 | 57545 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:20.791335106 CEST | 57545 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:20.913791895 CEST | 57545 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:20.914212942 CEST | 57547 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:20.935750008 CEST | 80 | 57547 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:20.935973883 CEST | 57547 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:20.936188936 CEST | 80 | 57545 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:20.936194897 CEST | 57547 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:20.936263084 CEST | 57545 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:20.944658041 CEST | 80 | 57547 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:21.648509026 CEST | 80 | 57547 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:21.648710012 CEST | 57547 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:21.776375055 CEST | 57547 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:21.785347939 CEST | 80 | 57547 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:22.019803047 CEST | 80 | 57547 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:22.019902945 CEST | 57547 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:22.226665020 CEST | 57547 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:22.227411985 CEST | 57548 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:22.234528065 CEST | 80 | 57548 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:22.234606028 CEST | 57548 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:22.235565901 CEST | 80 | 57547 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:22.235645056 CEST | 57547 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:22.323118925 CEST | 57548 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:22.329309940 CEST | 80 | 57548 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:22.948270082 CEST | 80 | 57548 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:22.948396921 CEST | 57548 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:23.070029974 CEST | 57548 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:23.070327997 CEST | 57549 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:23.093708038 CEST | 80 | 57549 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:23.094060898 CEST | 57549 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:23.094127893 CEST | 57549 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:23.094749928 CEST | 80 | 57548 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:23.094820976 CEST | 57548 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:23.101970911 CEST | 80 | 57549 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:23.788425922 CEST | 80 | 57549 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:23.788572073 CEST | 57549 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:23.897870064 CEST | 57549 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:23.904593945 CEST | 80 | 57549 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:24.221721888 CEST | 80 | 57549 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:24.221833944 CEST | 57549 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:24.334002972 CEST | 57549 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:24.341485023 CEST | 80 | 57549 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:24.572361946 CEST | 80 | 57549 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:24.572523117 CEST | 57549 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:24.709328890 CEST | 57549 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:24.709652901 CEST | 57550 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:24.714659929 CEST | 80 | 57549 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:24.714740038 CEST | 57549 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:24.715075970 CEST | 80 | 57550 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:24.715161085 CEST | 57550 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:24.715336084 CEST | 57550 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:24.720508099 CEST | 80 | 57550 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:25.416487932 CEST | 80 | 57550 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:25.416568995 CEST | 57550 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:25.538722992 CEST | 57550 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:25.539063931 CEST | 57551 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:25.544220924 CEST | 80 | 57551 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:25.544377089 CEST | 80 | 57550 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:25.544378996 CEST | 57551 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:25.544435024 CEST | 57550 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:25.544553041 CEST | 57551 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:25.549863100 CEST | 80 | 57551 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:26.238362074 CEST | 80 | 57551 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:26.238460064 CEST | 57551 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:26.349770069 CEST | 57551 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:26.357597113 CEST | 80 | 57551 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:26.620265007 CEST | 80 | 57551 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:26.620409012 CEST | 57551 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:26.741010904 CEST | 57551 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:26.741281986 CEST | 57552 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:26.746634007 CEST | 80 | 57551 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:26.746702909 CEST | 57551 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:26.746864080 CEST | 80 | 57552 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:26.746952057 CEST | 57552 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:26.747193098 CEST | 57552 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:26.752331972 CEST | 80 | 57552 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:27.662174940 CEST | 80 | 57552 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:27.662405968 CEST | 57552 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:27.665425062 CEST | 80 | 57552 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:27.665484905 CEST | 57552 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:27.775023937 CEST | 57552 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:27.781681061 CEST | 80 | 57552 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:28.011087894 CEST | 80 | 57552 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:28.011305094 CEST | 57552 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:28.189316988 CEST | 57552 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:28.189733028 CEST | 57553 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:28.194720984 CEST | 80 | 57553 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:28.194858074 CEST | 57553 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:28.194942951 CEST | 57553 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:28.195715904 CEST | 80 | 57552 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:28.195780993 CEST | 57552 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:28.200001001 CEST | 80 | 57553 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:28.893805981 CEST | 80 | 57553 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:28.894011021 CEST | 57553 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:29.007306099 CEST | 57553 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:29.012238979 CEST | 80 | 57553 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:29.249866009 CEST | 80 | 57553 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:29.250014067 CEST | 57553 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:29.366707087 CEST | 57553 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:29.366911888 CEST | 57554 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:29.371973038 CEST | 80 | 57554 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:29.372095108 CEST | 57554 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:29.372184992 CEST | 80 | 57553 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:29.372248888 CEST | 57553 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:29.372437000 CEST | 57554 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:29.377343893 CEST | 80 | 57554 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:30.081671000 CEST | 80 | 57554 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:30.081908941 CEST | 57554 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:30.198513985 CEST | 57554 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:30.203428984 CEST | 80 | 57554 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:30.439491034 CEST | 80 | 57554 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:30.439563990 CEST | 57554 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:30.555721998 CEST | 57554 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:30.556090117 CEST | 57555 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:30.561175108 CEST | 80 | 57555 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:30.561206102 CEST | 80 | 57554 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:30.561271906 CEST | 57555 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:30.561332941 CEST | 57554 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:30.565201044 CEST | 57555 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:30.570049047 CEST | 80 | 57555 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:31.293672085 CEST | 80 | 57555 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:31.293798923 CEST | 57555 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:31.492887020 CEST | 57555 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:31.493257999 CEST | 57556 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:31.499048948 CEST | 80 | 57556 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:31.499135971 CEST | 57556 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:31.499277115 CEST | 80 | 57555 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:31.499336958 CEST | 57555 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:31.500194073 CEST | 57556 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:31.504976988 CEST | 80 | 57556 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:32.209187984 CEST | 80 | 57556 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:32.209369898 CEST | 57556 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:32.319962025 CEST | 57556 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:32.325781107 CEST | 80 | 57556 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:32.559019089 CEST | 80 | 57556 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:32.559173107 CEST | 57556 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:32.679567099 CEST | 57556 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:32.680027962 CEST | 57557 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:32.689781904 CEST | 80 | 57557 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:32.689908028 CEST | 57557 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:32.690319061 CEST | 57557 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:32.691375971 CEST | 80 | 57556 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:32.691442013 CEST | 57556 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:32.695538044 CEST | 80 | 57557 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:33.392370939 CEST | 80 | 57557 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:33.392447948 CEST | 57557 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:33.510889053 CEST | 57557 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:33.511259079 CEST | 57558 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:33.516138077 CEST | 80 | 57558 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:33.516248941 CEST | 57558 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:33.516256094 CEST | 80 | 57557 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:33.516350031 CEST | 57557 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:33.516614914 CEST | 57558 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:33.521473885 CEST | 80 | 57558 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:34.215002060 CEST | 80 | 57558 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:34.215126038 CEST | 57558 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:34.335546970 CEST | 57558 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:34.335958004 CEST | 57559 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:34.340858936 CEST | 80 | 57558 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:34.340998888 CEST | 57558 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:34.341268063 CEST | 80 | 57559 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:34.341370106 CEST | 57559 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:34.341538906 CEST | 57559 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:34.346564054 CEST | 80 | 57559 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:35.049894094 CEST | 80 | 57559 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:35.049985886 CEST | 57559 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:35.163914919 CEST | 57559 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:35.169114113 CEST | 80 | 57559 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:35.411149025 CEST | 80 | 57559 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:35.411257029 CEST | 57559 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:35.523046017 CEST | 57559 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:35.528268099 CEST | 80 | 57559 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:35.763844013 CEST | 80 | 57559 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:35.763988018 CEST | 57559 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:35.881186008 CEST | 57559 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:35.882026911 CEST | 57560 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:35.886912107 CEST | 80 | 57559 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:35.887052059 CEST | 57559 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:35.887330055 CEST | 80 | 57560 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:35.887443066 CEST | 57560 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:35.887816906 CEST | 57560 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:35.892852068 CEST | 80 | 57560 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:36.593708038 CEST | 80 | 57560 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:36.594047070 CEST | 57560 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:36.709235907 CEST | 57560 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:36.709538937 CEST | 57561 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:36.714680910 CEST | 80 | 57560 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:36.714813948 CEST | 57560 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:36.715214968 CEST | 80 | 57561 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:36.715287924 CEST | 57561 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:36.715512991 CEST | 57561 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:36.720536947 CEST | 80 | 57561 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:37.422297955 CEST | 80 | 57561 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:37.422418118 CEST | 57561 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:37.539115906 CEST | 57561 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:37.539392948 CEST | 57562 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:37.544430971 CEST | 80 | 57561 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:37.544517040 CEST | 57561 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:37.544603109 CEST | 80 | 57562 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:37.544667959 CEST | 57562 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:37.544811964 CEST | 57562 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:37.549809933 CEST | 80 | 57562 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:38.261061907 CEST | 80 | 57562 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:38.261245966 CEST | 57562 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:38.573496103 CEST | 57562 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:38.573793888 CEST | 57563 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:38.579113007 CEST | 80 | 57562 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:38.579190016 CEST | 80 | 57563 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:38.579190969 CEST | 57562 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:38.579263926 CEST | 57563 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:38.579432011 CEST | 57563 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:38.584592104 CEST | 80 | 57563 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:39.289077997 CEST | 80 | 57563 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:39.289194107 CEST | 57563 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:39.411735058 CEST | 57563 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:39.412092924 CEST | 57564 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:39.417205095 CEST | 80 | 57564 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:39.417356014 CEST | 57564 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:39.417424917 CEST | 80 | 57563 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:39.417458057 CEST | 57564 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:39.417474985 CEST | 57563 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:39.422401905 CEST | 80 | 57564 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:40.123241901 CEST | 80 | 57564 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:40.123338938 CEST | 57564 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:40.240262032 CEST | 57564 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:40.240572929 CEST | 57565 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:40.245757103 CEST | 80 | 57564 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:40.245826006 CEST | 57564 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:40.245971918 CEST | 80 | 57565 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:40.246041059 CEST | 57565 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:40.246184111 CEST | 57565 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:40.251151085 CEST | 80 | 57565 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:40.924777031 CEST | 80 | 57565 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:40.924875975 CEST | 57565 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:41.168057919 CEST | 57565 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:41.168339014 CEST | 57566 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:41.173345089 CEST | 80 | 57566 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:41.173413038 CEST | 57566 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:41.173486948 CEST | 80 | 57565 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:41.173532009 CEST | 57565 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:41.173532009 CEST | 57566 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:41.178508997 CEST | 80 | 57566 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:41.880575895 CEST | 80 | 57566 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:41.880650997 CEST | 57566 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:41.990983963 CEST | 57566 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:41.995995998 CEST | 80 | 57566 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:42.250861883 CEST | 80 | 57566 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:42.250933886 CEST | 57566 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:42.365155935 CEST | 57566 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:42.365473986 CEST | 57567 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:42.370364904 CEST | 80 | 57567 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:42.370456934 CEST | 57567 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:42.370565891 CEST | 80 | 57566 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:42.370582104 CEST | 57567 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:42.370620012 CEST | 57566 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:42.375344038 CEST | 80 | 57567 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:43.068851948 CEST | 80 | 57567 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:43.068978071 CEST | 57567 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:43.177799940 CEST | 57567 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:43.182832956 CEST | 80 | 57567 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:43.421175957 CEST | 80 | 57567 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:43.421271086 CEST | 57567 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:43.536762953 CEST | 57567 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:43.537163019 CEST | 57568 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:43.542056084 CEST | 80 | 57567 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:43.542130947 CEST | 57567 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:43.542273998 CEST | 80 | 57568 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:43.542337894 CEST | 57568 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:43.542486906 CEST | 57568 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:43.547504902 CEST | 80 | 57568 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:47.253375053 CEST | 80 | 57568 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:47.253484964 CEST | 57568 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:47.366082907 CEST | 57568 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:47.371035099 CEST | 80 | 57568 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:47.601715088 CEST | 80 | 57568 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:47.601826906 CEST | 57568 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:47.710699081 CEST | 57568 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:47.715781927 CEST | 80 | 57568 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:47.946191072 CEST | 80 | 57568 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:47.946316004 CEST | 57568 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:48.068413019 CEST | 57568 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:48.068732023 CEST | 57570 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:48.074109077 CEST | 80 | 57568 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:48.074168921 CEST | 80 | 57570 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:48.074177027 CEST | 57568 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:48.074255943 CEST | 57570 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:48.074552059 CEST | 57570 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:48.081239939 CEST | 80 | 57570 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:48.796789885 CEST | 80 | 57570 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:48.796978951 CEST | 57570 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:48.912103891 CEST | 57570 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:48.912491083 CEST | 57571 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:48.917408943 CEST | 80 | 57570 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:48.917491913 CEST | 57570 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:48.917602062 CEST | 80 | 57571 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:48.917675972 CEST | 57571 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:48.917807102 CEST | 57571 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:48.922657967 CEST | 80 | 57571 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:49.613887072 CEST | 80 | 57571 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:49.614077091 CEST | 57571 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:49.726095915 CEST | 57571 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:49.730937958 CEST | 80 | 57571 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:49.962387085 CEST | 80 | 57571 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:49.962516069 CEST | 57571 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:50.085444927 CEST | 57571 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:50.085735083 CEST | 57572 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:50.090773106 CEST | 80 | 57571 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:50.090848923 CEST | 57571 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:50.090889931 CEST | 80 | 57572 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:50.090967894 CEST | 57572 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:50.091181993 CEST | 57572 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:50.095956087 CEST | 80 | 57572 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:50.807029009 CEST | 80 | 57572 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:50.807143927 CEST | 57572 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:50.929296017 CEST | 57572 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:50.929563999 CEST | 57573 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:50.935077906 CEST | 80 | 57573 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:50.935179949 CEST | 57573 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:50.935319901 CEST | 57573 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:50.935528994 CEST | 80 | 57572 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:50.935590029 CEST | 57572 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:50.940107107 CEST | 80 | 57573 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:51.669373989 CEST | 80 | 57573 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:51.669495106 CEST | 57573 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:51.786983013 CEST | 57573 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:51.787242889 CEST | 57574 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:51.792606115 CEST | 80 | 57574 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:51.792681932 CEST | 57574 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:51.792768002 CEST | 57574 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:51.793083906 CEST | 80 | 57573 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:51.793134928 CEST | 57573 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:51.800431013 CEST | 80 | 57574 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:52.719605923 CEST | 80 | 57574 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:52.719677925 CEST | 57574 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:52.833884001 CEST | 57574 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:52.834177017 CEST | 57575 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:52.849026918 CEST | 80 | 57574 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:52.849086046 CEST | 57574 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:52.849510908 CEST | 80 | 57575 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:52.849574089 CEST | 57575 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:52.849694967 CEST | 57575 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:52.863738060 CEST | 80 | 57575 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:53.621285915 CEST | 80 | 57575 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:53.621360064 CEST | 57575 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:53.740159988 CEST | 57575 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:53.740453959 CEST | 57576 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:53.750010014 CEST | 80 | 57576 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:53.750096083 CEST | 57576 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:53.750183105 CEST | 57576 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:53.750972033 CEST | 80 | 57575 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:53.751030922 CEST | 57575 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:53.758719921 CEST | 80 | 57576 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:54.453270912 CEST | 80 | 57576 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:54.453355074 CEST | 57576 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:54.568293095 CEST | 57576 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:54.568598986 CEST | 57577 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:54.573776960 CEST | 80 | 57577 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:54.573868036 CEST | 57577 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:54.574004889 CEST | 57577 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:54.574206114 CEST | 80 | 57576 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:54.574263096 CEST | 57576 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:54.581118107 CEST | 80 | 57577 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:55.379906893 CEST | 80 | 57577 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:55.380007982 CEST | 57577 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:55.489829063 CEST | 57577 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:55.490127087 CEST | 57578 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:55.496745110 CEST | 80 | 57577 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:55.496815920 CEST | 57577 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:55.496856928 CEST | 80 | 57578 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:55.496922970 CEST | 57578 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:55.497025967 CEST | 57578 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:55.504401922 CEST | 80 | 57578 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:56.275300026 CEST | 80 | 57578 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:56.275356054 CEST | 57578 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:56.397588015 CEST | 57578 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:56.397958994 CEST | 57579 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:56.430785894 CEST | 80 | 57579 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:56.430984020 CEST | 57579 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:56.431134939 CEST | 57579 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:56.438292980 CEST | 80 | 57578 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:56.438359022 CEST | 57578 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:56.462378979 CEST | 80 | 57579 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:57.201956987 CEST | 80 | 57579 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:57.202033997 CEST | 57579 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:57.319653988 CEST | 57579 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:57.320053101 CEST | 57580 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:57.325484037 CEST | 80 | 57579 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:57.325563908 CEST | 57579 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:57.326075077 CEST | 80 | 57580 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:57.326159954 CEST | 57580 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:57.326319933 CEST | 57580 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:57.331476927 CEST | 80 | 57580 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:58.046159029 CEST | 80 | 57580 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:58.046291113 CEST | 57580 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:58.163719893 CEST | 57580 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:58.164024115 CEST | 57581 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:58.169105053 CEST | 80 | 57581 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:58.169295073 CEST | 80 | 57580 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:58.169495106 CEST | 57581 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:58.169517040 CEST | 57580 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:58.169636965 CEST | 57581 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:58.175813913 CEST | 80 | 57581 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:58.953360081 CEST | 80 | 57581 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:58.953476906 CEST | 57581 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:59.071332932 CEST | 57582 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:59.071332932 CEST | 57581 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:59.109551907 CEST | 80 | 57582 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:59.109632969 CEST | 57582 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:59.110501051 CEST | 80 | 57581 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:59.110551119 CEST | 57581 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:59.111211061 CEST | 57582 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:32:59.143480062 CEST | 80 | 57582 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:59.949852943 CEST | 80 | 57582 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:32:59.949927092 CEST | 57582 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:33:00.070136070 CEST | 57582 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:33:00.070344925 CEST | 57583 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:33:00.077785969 CEST | 80 | 57583 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:33:00.077867985 CEST | 57583 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:33:00.078115940 CEST | 57583 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:33:00.079125881 CEST | 80 | 57582 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:33:00.079174995 CEST | 57582 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:33:00.085407972 CEST | 80 | 57583 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:33:00.771852970 CEST | 80 | 57583 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:33:00.772028923 CEST | 57583 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:33:00.898545027 CEST | 57583 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:33:00.901865005 CEST | 57584 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:33:00.904252052 CEST | 80 | 57583 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:33:00.905940056 CEST | 57583 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:33:00.907296896 CEST | 80 | 57584 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:33:00.909960985 CEST | 57584 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:33:00.913867950 CEST | 57584 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:33:00.918843985 CEST | 80 | 57584 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:33:01.633050919 CEST | 80 | 57584 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:33:01.633141994 CEST | 57584 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:33:01.741727114 CEST | 57584 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:33:01.741858959 CEST | 57585 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:33:01.747342110 CEST | 80 | 57585 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:33:01.747425079 CEST | 57585 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:33:01.747680902 CEST | 57585 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:33:01.747728109 CEST | 80 | 57584 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:33:01.747814894 CEST | 57584 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:33:01.754822969 CEST | 80 | 57585 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:33:02.490453959 CEST | 80 | 57585 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:33:02.493932009 CEST | 57585 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:33:02.617552996 CEST | 57585 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:33:02.617964029 CEST | 57586 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:33:02.629470110 CEST | 80 | 57586 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:33:02.629623890 CEST | 57586 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:33:02.629847050 CEST | 57586 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:33:02.630692959 CEST | 80 | 57585 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:33:02.633950949 CEST | 57585 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:33:02.642290115 CEST | 80 | 57586 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:33:03.387306929 CEST | 80 | 57586 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:33:03.387367964 CEST | 57586 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:33:03.509114981 CEST | 57586 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:33:03.509476900 CEST | 57587 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:33:03.518225908 CEST | 80 | 57586 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:33:03.518286943 CEST | 57586 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:33:03.518698931 CEST | 80 | 57587 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:33:03.518755913 CEST | 57587 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:33:03.518883944 CEST | 57587 | 80 | 192.168.2.6 | 185.208.158.248 |
Sep 27, 2024 17:33:03.529381037 CEST | 80 | 57587 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:33:04.246556997 CEST | 80 | 57587 | 185.208.158.248 | 192.168.2.6 |
Sep 27, 2024 17:33:04.249908924 CEST | 57587 | 80 | 192.168.2.6 | 185.208.158.248 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 27, 2024 17:31:28.681607962 CEST | 53 | 62292 | 162.159.36.2 | 192.168.2.6 |
Sep 27, 2024 17:31:29.153625965 CEST | 51078 | 53 | 192.168.2.6 | 1.1.1.1 |
Sep 27, 2024 17:31:29.161782980 CEST | 53 | 51078 | 1.1.1.1 | 192.168.2.6 |
Sep 27, 2024 17:31:52.667908907 CEST | 59518 | 53 | 192.168.2.6 | 91.211.247.248 |
Sep 27, 2024 17:31:52.706096888 CEST | 53 | 59518 | 91.211.247.248 | 192.168.2.6 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Sep 27, 2024 17:31:29.153625965 CEST | 192.168.2.6 | 1.1.1.1 | 0x2676 | Standard query (0) | PTR (Pointer record) | IN (0x0001) | false | |
Sep 27, 2024 17:31:52.667908907 CEST | 192.168.2.6 | 91.211.247.248 | 0x49d6 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Sep 27, 2024 17:31:29.161782980 CEST | 1.1.1.1 | 192.168.2.6 | 0x2676 | Name error (3) | none | none | PTR (Pointer record) | IN (0x0001) | false | |
Sep 27, 2024 17:31:52.706096888 CEST | 91.211.247.248 | 192.168.2.6 | 0x49d6 | No error (0) | 185.208.158.248 | A (IP address) | IN (0x0001) | false |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.6 | 57519 | 185.208.158.248 | 80 | 4052 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 17:31:52.756558895 CEST | 318 | OUT | |
Sep 27, 2024 17:31:53.456573963 CEST | 576 | IN | |
Sep 27, 2024 17:31:56.101192951 CEST | 326 | OUT | |
Sep 27, 2024 17:31:56.349338055 CEST | 220 | IN | |
Sep 27, 2024 17:31:56.460501909 CEST | 326 | OUT | |
Sep 27, 2024 17:31:56.885082006 CEST | 431 | IN | |
Sep 27, 2024 17:31:57.185530901 CEST | 431 | IN | |
Sep 27, 2024 17:31:57.185894012 CEST | 431 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.6 | 57522 | 185.208.158.248 | 80 | 4052 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 17:31:57.310273886 CEST | 326 | OUT | |
Sep 27, 2024 17:31:58.025355101 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.6 | 57523 | 185.208.158.248 | 80 | 4052 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 17:31:58.337560892 CEST | 326 | OUT | |
Sep 27, 2024 17:31:59.024277925 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.6 | 57524 | 185.208.158.248 | 80 | 4052 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 17:31:59.152204990 CEST | 326 | OUT | |
Sep 27, 2024 17:31:59.852696896 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.6 | 57526 | 185.208.158.248 | 80 | 4052 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 17:31:59.981079102 CEST | 326 | OUT | |
Sep 27, 2024 17:32:00.689898014 CEST | 220 | IN | |
Sep 27, 2024 17:32:00.802612066 CEST | 326 | OUT | |
Sep 27, 2024 17:32:01.039459944 CEST | 220 | IN | |
Sep 27, 2024 17:32:01.147798061 CEST | 326 | OUT | |
Sep 27, 2024 17:32:01.393053055 CEST | 220 | IN | |
Sep 27, 2024 17:32:01.505816936 CEST | 326 | OUT | |
Sep 27, 2024 17:32:01.913379908 CEST | 220 | IN | |
Sep 27, 2024 17:32:02.021452904 CEST | 326 | OUT | |
Sep 27, 2024 17:32:02.267426014 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.6 | 57527 | 185.208.158.248 | 80 | 4052 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 17:32:02.385979891 CEST | 326 | OUT | |
Sep 27, 2024 17:32:03.066957951 CEST | 220 | IN | |
Sep 27, 2024 17:32:03.177248001 CEST | 326 | OUT | |
Sep 27, 2024 17:32:03.418124914 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.6 | 57528 | 185.208.158.248 | 80 | 4052 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 17:32:03.543560982 CEST | 326 | OUT | |
Sep 27, 2024 17:32:04.272787094 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.6 | 57529 | 185.208.158.248 | 80 | 4052 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 17:32:04.487080097 CEST | 326 | OUT | |
Sep 27, 2024 17:32:05.215248108 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.6 | 57530 | 185.208.158.248 | 80 | 4052 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 17:32:05.341111898 CEST | 326 | OUT | |
Sep 27, 2024 17:32:06.018549919 CEST | 220 | IN | |
Sep 27, 2024 17:32:06.133611917 CEST | 326 | OUT | |
Sep 27, 2024 17:32:06.373557091 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
9 | 192.168.2.6 | 57531 | 185.208.158.248 | 80 | 4052 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 17:32:06.495858908 CEST | 326 | OUT | |
Sep 27, 2024 17:32:07.205893040 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
10 | 192.168.2.6 | 57532 | 185.208.158.248 | 80 | 4052 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 17:32:07.420233011 CEST | 326 | OUT | |
Sep 27, 2024 17:32:08.108875036 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
11 | 192.168.2.6 | 57533 | 185.208.158.248 | 80 | 4052 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 17:32:08.231808901 CEST | 326 | OUT | |
Sep 27, 2024 17:32:08.923155069 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
12 | 192.168.2.6 | 57534 | 185.208.158.248 | 80 | 4052 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 17:32:09.044361115 CEST | 326 | OUT | |
Sep 27, 2024 17:32:09.752852917 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
13 | 192.168.2.6 | 57535 | 185.208.158.248 | 80 | 4052 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 17:32:10.281172037 CEST | 326 | OUT | |
Sep 27, 2024 17:32:10.882915020 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
14 | 192.168.2.6 | 57536 | 185.208.158.248 | 80 | 4052 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 17:32:11.043915987 CEST | 326 | OUT | |
Sep 27, 2024 17:32:11.795059919 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
15 | 192.168.2.6 | 57537 | 185.208.158.248 | 80 | 4052 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 17:32:11.930565119 CEST | 326 | OUT | |
Sep 27, 2024 17:32:12.694988966 CEST | 220 | IN | |
Sep 27, 2024 17:32:12.802819014 CEST | 326 | OUT | |
Sep 27, 2024 17:32:13.253220081 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
16 | 192.168.2.6 | 57538 | 185.208.158.248 | 80 | 4052 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 17:32:13.451730967 CEST | 326 | OUT | |
Sep 27, 2024 17:32:14.186856985 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
17 | 192.168.2.6 | 57539 | 185.208.158.248 | 80 | 4052 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 17:32:14.309135914 CEST | 326 | OUT | |
Sep 27, 2024 17:32:15.019023895 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
18 | 192.168.2.6 | 57540 | 185.208.158.248 | 80 | 4052 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 17:32:15.143862963 CEST | 326 | OUT | |
Sep 27, 2024 17:32:15.855298996 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
19 | 192.168.2.6 | 57541 | 185.208.158.248 | 80 | 4052 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 17:32:15.984002113 CEST | 326 | OUT | |
Sep 27, 2024 17:32:16.706841946 CEST | 220 | IN | |
Sep 27, 2024 17:32:16.818640947 CEST | 326 | OUT | |
Sep 27, 2024 17:32:17.056643963 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
20 | 192.168.2.6 | 57543 | 185.208.158.248 | 80 | 4052 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 17:32:17.185475111 CEST | 326 | OUT | |
Sep 27, 2024 17:32:17.927685976 CEST | 220 | IN | |
Sep 27, 2024 17:32:18.037250042 CEST | 326 | OUT | |
Sep 27, 2024 17:32:18.381916046 CEST | 220 | IN | |
Sep 27, 2024 17:32:18.490320921 CEST | 326 | OUT | |
Sep 27, 2024 17:32:18.733568907 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
21 | 192.168.2.6 | 57544 | 185.208.158.248 | 80 | 4052 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 17:32:18.886420012 CEST | 326 | OUT | |
Sep 27, 2024 17:32:19.582662106 CEST | 220 | IN | |
Sep 27, 2024 17:32:19.695391893 CEST | 326 | OUT | |
Sep 27, 2024 17:32:19.930829048 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
22 | 192.168.2.6 | 57545 | 185.208.158.248 | 80 | 4052 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 17:32:20.061382055 CEST | 326 | OUT | |
Sep 27, 2024 17:32:20.791169882 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
23 | 192.168.2.6 | 57547 | 185.208.158.248 | 80 | 4052 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 17:32:20.936194897 CEST | 326 | OUT | |
Sep 27, 2024 17:32:21.648509026 CEST | 220 | IN | |
Sep 27, 2024 17:32:21.776375055 CEST | 326 | OUT | |
Sep 27, 2024 17:32:22.019803047 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
24 | 192.168.2.6 | 57548 | 185.208.158.248 | 80 | 4052 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 17:32:22.323118925 CEST | 326 | OUT | |
Sep 27, 2024 17:32:22.948270082 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
25 | 192.168.2.6 | 57549 | 185.208.158.248 | 80 | 4052 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 17:32:23.094127893 CEST | 326 | OUT | |
Sep 27, 2024 17:32:23.788425922 CEST | 220 | IN | |
Sep 27, 2024 17:32:23.897870064 CEST | 326 | OUT | |
Sep 27, 2024 17:32:24.221721888 CEST | 220 | IN | |
Sep 27, 2024 17:32:24.334002972 CEST | 326 | OUT | |
Sep 27, 2024 17:32:24.572361946 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
26 | 192.168.2.6 | 57550 | 185.208.158.248 | 80 | 4052 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 17:32:24.715336084 CEST | 326 | OUT | |
Sep 27, 2024 17:32:25.416487932 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
27 | 192.168.2.6 | 57551 | 185.208.158.248 | 80 | 4052 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 17:32:25.544553041 CEST | 326 | OUT | |
Sep 27, 2024 17:32:26.238362074 CEST | 220 | IN | |
Sep 27, 2024 17:32:26.349770069 CEST | 326 | OUT | |
Sep 27, 2024 17:32:26.620265007 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
28 | 192.168.2.6 | 57552 | 185.208.158.248 | 80 | 4052 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 17:32:26.747193098 CEST | 326 | OUT | |
Sep 27, 2024 17:32:27.662174940 CEST | 220 | IN | |
Sep 27, 2024 17:32:27.665425062 CEST | 220 | IN | |
Sep 27, 2024 17:32:27.775023937 CEST | 326 | OUT | |
Sep 27, 2024 17:32:28.011087894 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
29 | 192.168.2.6 | 57553 | 185.208.158.248 | 80 | 4052 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 17:32:28.194942951 CEST | 326 | OUT | |
Sep 27, 2024 17:32:28.893805981 CEST | 220 | IN | |
Sep 27, 2024 17:32:29.007306099 CEST | 326 | OUT | |
Sep 27, 2024 17:32:29.249866009 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
30 | 192.168.2.6 | 57554 | 185.208.158.248 | 80 | 4052 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 17:32:29.372437000 CEST | 326 | OUT | |
Sep 27, 2024 17:32:30.081671000 CEST | 220 | IN | |
Sep 27, 2024 17:32:30.198513985 CEST | 326 | OUT | |
Sep 27, 2024 17:32:30.439491034 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
31 | 192.168.2.6 | 57555 | 185.208.158.248 | 80 | 4052 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 17:32:30.565201044 CEST | 326 | OUT | |
Sep 27, 2024 17:32:31.293672085 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
32 | 192.168.2.6 | 57556 | 185.208.158.248 | 80 | 4052 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 17:32:31.500194073 CEST | 326 | OUT | |
Sep 27, 2024 17:32:32.209187984 CEST | 220 | IN | |
Sep 27, 2024 17:32:32.319962025 CEST | 326 | OUT | |
Sep 27, 2024 17:32:32.559019089 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
33 | 192.168.2.6 | 57557 | 185.208.158.248 | 80 | 4052 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 17:32:32.690319061 CEST | 326 | OUT | |
Sep 27, 2024 17:32:33.392370939 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
34 | 192.168.2.6 | 57558 | 185.208.158.248 | 80 | 4052 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 17:32:33.516614914 CEST | 326 | OUT | |
Sep 27, 2024 17:32:34.215002060 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
35 | 192.168.2.6 | 57559 | 185.208.158.248 | 80 | 4052 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 17:32:34.341538906 CEST | 326 | OUT | |
Sep 27, 2024 17:32:35.049894094 CEST | 220 | IN | |
Sep 27, 2024 17:32:35.163914919 CEST | 326 | OUT | |
Sep 27, 2024 17:32:35.411149025 CEST | 220 | IN | |
Sep 27, 2024 17:32:35.523046017 CEST | 326 | OUT | |
Sep 27, 2024 17:32:35.763844013 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
36 | 192.168.2.6 | 57560 | 185.208.158.248 | 80 | 4052 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 17:32:35.887816906 CEST | 326 | OUT | |
Sep 27, 2024 17:32:36.593708038 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
37 | 192.168.2.6 | 57561 | 185.208.158.248 | 80 | 4052 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 17:32:36.715512991 CEST | 326 | OUT | |
Sep 27, 2024 17:32:37.422297955 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
38 | 192.168.2.6 | 57562 | 185.208.158.248 | 80 | 4052 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 17:32:37.544811964 CEST | 326 | OUT | |
Sep 27, 2024 17:32:38.261061907 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
39 | 192.168.2.6 | 57563 | 185.208.158.248 | 80 | 4052 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 17:32:38.579432011 CEST | 326 | OUT | |
Sep 27, 2024 17:32:39.289077997 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
40 | 192.168.2.6 | 57564 | 185.208.158.248 | 80 | 4052 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 17:32:39.417458057 CEST | 326 | OUT | |
Sep 27, 2024 17:32:40.123241901 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
41 | 192.168.2.6 | 57565 | 185.208.158.248 | 80 | 4052 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 17:32:40.246184111 CEST | 326 | OUT | |
Sep 27, 2024 17:32:40.924777031 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
42 | 192.168.2.6 | 57566 | 185.208.158.248 | 80 | 4052 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 17:32:41.173532009 CEST | 326 | OUT | |
Sep 27, 2024 17:32:41.880575895 CEST | 220 | IN | |
Sep 27, 2024 17:32:41.990983963 CEST | 326 | OUT | |
Sep 27, 2024 17:32:42.250861883 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
43 | 192.168.2.6 | 57567 | 185.208.158.248 | 80 | 4052 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 17:32:42.370582104 CEST | 326 | OUT | |
Sep 27, 2024 17:32:43.068851948 CEST | 220 | IN | |
Sep 27, 2024 17:32:43.177799940 CEST | 326 | OUT | |
Sep 27, 2024 17:32:43.421175957 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
44 | 192.168.2.6 | 57568 | 185.208.158.248 | 80 | 4052 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 17:32:43.542486906 CEST | 326 | OUT | |
Sep 27, 2024 17:32:47.253375053 CEST | 220 | IN | |
Sep 27, 2024 17:32:47.366082907 CEST | 326 | OUT | |
Sep 27, 2024 17:32:47.601715088 CEST | 220 | IN | |
Sep 27, 2024 17:32:47.710699081 CEST | 326 | OUT | |
Sep 27, 2024 17:32:47.946191072 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
45 | 192.168.2.6 | 57570 | 185.208.158.248 | 80 | 4052 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 17:32:48.074552059 CEST | 326 | OUT | |
Sep 27, 2024 17:32:48.796789885 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
46 | 192.168.2.6 | 57571 | 185.208.158.248 | 80 | 4052 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 17:32:48.917807102 CEST | 326 | OUT | |
Sep 27, 2024 17:32:49.613887072 CEST | 220 | IN | |
Sep 27, 2024 17:32:49.726095915 CEST | 326 | OUT | |
Sep 27, 2024 17:32:49.962387085 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
47 | 192.168.2.6 | 57572 | 185.208.158.248 | 80 | 4052 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 17:32:50.091181993 CEST | 326 | OUT | |
Sep 27, 2024 17:32:50.807029009 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
48 | 192.168.2.6 | 57573 | 185.208.158.248 | 80 | 4052 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 17:32:50.935319901 CEST | 326 | OUT | |
Sep 27, 2024 17:32:51.669373989 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
49 | 192.168.2.6 | 57574 | 185.208.158.248 | 80 | 4052 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 17:32:51.792768002 CEST | 326 | OUT | |
Sep 27, 2024 17:32:52.719605923 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
50 | 192.168.2.6 | 57575 | 185.208.158.248 | 80 | 4052 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 17:32:52.849694967 CEST | 326 | OUT | |
Sep 27, 2024 17:32:53.621285915 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
51 | 192.168.2.6 | 57576 | 185.208.158.248 | 80 | 4052 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 17:32:53.750183105 CEST | 326 | OUT | |
Sep 27, 2024 17:32:54.453270912 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
52 | 192.168.2.6 | 57577 | 185.208.158.248 | 80 | 4052 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 17:32:54.574004889 CEST | 326 | OUT | |
Sep 27, 2024 17:32:55.379906893 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
53 | 192.168.2.6 | 57578 | 185.208.158.248 | 80 | 4052 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 17:32:55.497025967 CEST | 326 | OUT | |
Sep 27, 2024 17:32:56.275300026 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
54 | 192.168.2.6 | 57579 | 185.208.158.248 | 80 | 4052 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 17:32:56.431134939 CEST | 326 | OUT | |
Sep 27, 2024 17:32:57.201956987 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
55 | 192.168.2.6 | 57580 | 185.208.158.248 | 80 | 4052 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 17:32:57.326319933 CEST | 326 | OUT | |
Sep 27, 2024 17:32:58.046159029 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
56 | 192.168.2.6 | 57581 | 185.208.158.248 | 80 | 4052 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 17:32:58.169636965 CEST | 326 | OUT | |
Sep 27, 2024 17:32:58.953360081 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
57 | 192.168.2.6 | 57582 | 185.208.158.248 | 80 | 4052 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 17:32:59.111211061 CEST | 326 | OUT | |
Sep 27, 2024 17:32:59.949852943 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
58 | 192.168.2.6 | 57583 | 185.208.158.248 | 80 | 4052 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 17:33:00.078115940 CEST | 326 | OUT | |
Sep 27, 2024 17:33:00.771852970 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
59 | 192.168.2.6 | 57584 | 185.208.158.248 | 80 | 4052 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 17:33:00.913867950 CEST | 326 | OUT | |
Sep 27, 2024 17:33:01.633050919 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
60 | 192.168.2.6 | 57585 | 185.208.158.248 | 80 | 4052 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 17:33:01.747680902 CEST | 326 | OUT | |
Sep 27, 2024 17:33:02.490453959 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
61 | 192.168.2.6 | 57586 | 185.208.158.248 | 80 | 4052 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 17:33:02.629847050 CEST | 326 | OUT | |
Sep 27, 2024 17:33:03.387306929 CEST | 220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
62 | 192.168.2.6 | 57587 | 185.208.158.248 | 80 | 4052 | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 17:33:03.518883944 CEST | 326 | OUT | |
Sep 27, 2024 17:33:04.246556997 CEST | 220 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
Target ID: | 0 |
Start time: | 11:30:57 |
Start date: | 27/09/2024 |
Path: | C:\Users\user\Desktop\file.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 3'298'104 bytes |
MD5 hash: | 5F3D49BFFED0DA5D969582BD92FED715 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 1 |
Start time: | 11:30:57 |
Start date: | 27/09/2024 |
Path: | C:\Users\user\AppData\Local\Temp\is-CJFRT.tmp\file.tmp |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 708'608 bytes |
MD5 hash: | 499BD324F6DD0DF600B61BE36E26B612 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 3 |
Start time: | 11:30:58 |
Start date: | 27/09/2024 |
Path: | C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 3'264'512 bytes |
MD5 hash: | D9BDC42F41BCE78D0C9D0FB3AC33D0DF |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Antivirus matches: |
|
Reputation: | low |
Has exited: | false |
Execution Graph
Execution Coverage: | 21.3% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 2.4% |
Total number of Nodes: | 1520 |
Total number of Limit Nodes: | 22 |
Graph
Function 00409B78 Relevance: 7.6, APIs: 5, Instructions: 78memoryCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040520C Relevance: 1.5, APIs: 1, Instructions: 29COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040457C Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 27libraryloaderCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004090A4 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 46libraryloaderCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004099EC Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 77processCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00401918 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 48memoryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040A814 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 117windowCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040A82F Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 113windowCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00401430 Relevance: 4.5, APIs: 2, Strings: 1, Instructions: 37memoryCOMMON
Control-flow Graph
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00407749 Relevance: 3.3, APIs: 2, Instructions: 284fileCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00401FD4 Relevance: 3.1, APIs: 2, Instructions: 122COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406FA0 Relevance: 3.0, APIs: 2, Instructions: 33libraryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040766C Relevance: 3.0, APIs: 2, Instructions: 30COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040762C Relevance: 3.0, APIs: 2, Instructions: 30fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004075C4 Relevance: 3.0, APIs: 2, Instructions: 24COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405280 Relevance: 1.6, APIs: 1, Instructions: 99COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00407576 Relevance: 1.5, APIs: 1, Instructions: 30fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00407578 Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004069DC Relevance: 1.5, APIs: 1, Instructions: 29COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004076C8 Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00407284 Relevance: 1.5, APIs: 1, Instructions: 28windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004076AC Relevance: 1.5, APIs: 1, Instructions: 11fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406FFB Relevance: 1.5, APIs: 1, Instructions: 10COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00407017 Relevance: 1.5, APIs: 1, Instructions: 5COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406970 Relevance: 1.5, APIs: 1, Instructions: 4COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00407F10 Relevance: 1.3, APIs: 1, Instructions: 62memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00407548 Relevance: 1.3, APIs: 1, Instructions: 20COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00407EB8 Relevance: 1.3, APIs: 1, Instructions: 15COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00409448 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 41shutdownCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00409C34 Relevance: 6.0, APIs: 4, Instructions: 31COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405258 Relevance: 1.5, APIs: 1, Instructions: 23COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004026C4 Relevance: 1.5, APIs: 1, Instructions: 20timeCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405CF4 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040840C Relevance: .5, Instructions: 545COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00407024 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 86registrylibraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00403A97 Relevance: 15.1, APIs: 10, Instructions: 122fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00403D02 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 72windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004036B8 Relevance: 7.6, APIs: 5, Instructions: 55memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00401494 Relevance: 7.5, APIs: 3, Strings: 2, Instructions: 45memoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406E10 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 113registryCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00409C88 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 30windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004094D8 Relevance: 5.0, APIs: 4, Instructions: 45sleepCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Execution Graph
Execution Coverage: | 15.9% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 4.2% |
Total number of Nodes: | 2000 |
Total number of Limit Nodes: | 66 |
Graph
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042E0AC Relevance: 31.7, APIs: 16, Strings: 2, Instructions: 178memorylibraryloaderCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00450334 Relevance: 26.3, APIs: 8, Strings: 7, Instructions: 45libraryloaderCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00423C1C Relevance: 21.4, APIs: 14, Instructions: 395COMMON
Control-flow Graph
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0046744C Relevance: 13.9, APIs: 4, Strings: 3, Instructions: 1656windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00452AD4 Relevance: 3.0, APIs: 2, Instructions: 45fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0046E1E4 Relevance: 3.0, APIs: 2, Instructions: 28comCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00408578 Relevance: 1.5, APIs: 1, Instructions: 29COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00423B94 Relevance: 1.5, APIs: 1, Instructions: 24nativeCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00455644 Relevance: 1.5, APIs: 1, Instructions: 20COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042F594 Relevance: 1.5, APIs: 1, Instructions: 17nativeCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0046F250 Relevance: 72.2, APIs: 1, Strings: 40, Instructions: 500registryCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00492DEC Relevance: 56.4, APIs: 16, Strings: 16, Instructions: 431sleepCOMMON
Control-flow Graph
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00483F60 Relevance: 26.3, APIs: 9, Strings: 6, Instructions: 68libraryloaderCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00468E4C Relevance: 24.7, APIs: 1, Strings: 13, Instructions: 155registryCOMMON
Control-flow Graph
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0047D2FC Relevance: 15.8, APIs: 1, Strings: 8, Instructions: 95libraryloaderCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040632C Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 27libraryloaderCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042F5D4 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 90windowregistryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00453264 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 46libraryloaderCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00467228 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 141windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004309B4 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 23registryclipboardthreadCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042369C Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 96windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00418F48 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 55threadCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041364C Relevance: 9.1, APIs: 6, Instructions: 60COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00455780 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 142registryCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042DE54 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 32registrylibraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00454E48 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 102libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042ED48 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 55libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00455AB8 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 41registryCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00472350 Relevance: 6.3, APIs: 4, Instructions: 272fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0048017C Relevance: 6.1, APIs: 4, Instructions: 147fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00421284 Relevance: 6.1, APIs: 4, Instructions: 127windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00416B52 Relevance: 6.1, APIs: 4, Instructions: 67windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004230D8 Relevance: 6.1, APIs: 4, Instructions: 54COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004019CC Relevance: 6.0, APIs: 4, Instructions: 48memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0048446C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 68libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0047CA5C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0046F03C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045715C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 11libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0046CEF0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 8libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00482160 Relevance: 4.6, APIs: 3, Instructions: 98windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044B400 Relevance: 4.6, APIs: 3, Instructions: 74COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044B134 Relevance: 4.6, APIs: 3, Instructions: 72COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042440C Relevance: 4.6, APIs: 3, Instructions: 59windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00416654 Relevance: 4.5, APIs: 3, Instructions: 39COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041EE64 Relevance: 4.5, APIs: 3, Instructions: 27windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0047C978 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 39registryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0046F0AC Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042DE2C Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 18registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0047E8F8 Relevance: 3.2, APIs: 2, Instructions: 160windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00402088 Relevance: 3.1, APIs: 2, Instructions: 122COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045285C Relevance: 3.1, APIs: 2, Instructions: 60processCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040ADE8 Relevance: 3.1, APIs: 2, Instructions: 51COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041EEB4 Relevance: 3.0, APIs: 2, Instructions: 49threadCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00452CF4 Relevance: 3.0, APIs: 2, Instructions: 48fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004527E4 Relevance: 3.0, APIs: 2, Instructions: 43COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042324C Relevance: 3.0, APIs: 2, Instructions: 35COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042E3A4 Relevance: 3.0, APIs: 2, Instructions: 33libraryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0047CD0F Relevance: 3.0, APIs: 2, Instructions: 26COMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045096C Relevance: 3.0, APIs: 2, Instructions: 22COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040626C Relevance: 3.0, APIs: 2, Instructions: 6memoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004014E4 Relevance: 2.5, APIs: 2, Instructions: 37memoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004085EC Relevance: 1.6, APIs: 1, Instructions: 99COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041FBAC Relevance: 1.6, APIs: 1, Instructions: 65COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0046C550 Relevance: 1.5, APIs: 1, Instructions: 37COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00441408 Relevance: 1.5, APIs: 1, Instructions: 36fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00416560 Relevance: 1.5, APIs: 1, Instructions: 32COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004149C4 Relevance: 1.5, APIs: 1, Instructions: 31COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00450838 Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042CCDC Relevance: 1.5, APIs: 1, Instructions: 29COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042E8D8 Relevance: 1.5, APIs: 1, Instructions: 28windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041AF80 Relevance: 1.5, APIs: 1, Instructions: 28COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004062F8 Relevance: 1.5, APIs: 1, Instructions: 27COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00454C6C Relevance: 1.5, APIs: 1, Instructions: 25COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041468C Relevance: 1.5, APIs: 1, Instructions: 23COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406F20 Relevance: 1.5, APIs: 1, Instructions: 23fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042365C Relevance: 1.5, APIs: 1, Instructions: 22COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004242D4 Relevance: 1.5, APIs: 1, Instructions: 21COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00466BE8 Relevance: 1.5, APIs: 1, Instructions: 16COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042CD34 Relevance: 1.5, APIs: 1, Instructions: 16COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406ED0 Relevance: 1.5, APIs: 1, Instructions: 14fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004509A0 Relevance: 1.5, APIs: 1, Instructions: 11fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004072B8 Relevance: 1.5, APIs: 1, Instructions: 11COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042E3FF Relevance: 1.5, APIs: 1, Instructions: 10COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004165FC Relevance: 1.5, APIs: 1, Instructions: 4COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044879C Relevance: 1.4, APIs: 1, Instructions: 158COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0047E21C Relevance: 1.4, APIs: 1, Instructions: 157COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041F3D4 Relevance: 1.3, APIs: 1, Instructions: 52memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00453038 Relevance: 1.3, APIs: 1, Instructions: 48COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040170C Relevance: 1.3, APIs: 1, Instructions: 48COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406F58 Relevance: 1.3, APIs: 1, Instructions: 3COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041F128 Relevance: 45.6, APIs: 15, Strings: 11, Instructions: 87libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00458670 Relevance: 40.4, APIs: 11, Strings: 12, Instructions: 186pipeprocessfileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00418394 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 58windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045568C Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 41shutdownCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045D230 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 34libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0049877C Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 90fileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045763C Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 241windownativeCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00455EB4 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 112libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00417CE0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 76windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00464200 Relevance: 7.6, APIs: 5, Instructions: 129fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00463D84 Relevance: 7.6, APIs: 5, Instructions: 129fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042E944 Relevance: 7.6, APIs: 5, Instructions: 50fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00483E20 Relevance: 6.0, APIs: 4, Instructions: 47windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004627F8 Relevance: 4.6, APIs: 3, Instructions: 67fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004241EC Relevance: 4.5, APIs: 3, Instructions: 32windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00417CDE Relevance: 3.0, APIs: 2, Instructions: 49windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004175A8 Relevance: 3.0, APIs: 2, Instructions: 44windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004241A4 Relevance: 3.0, APIs: 2, Instructions: 22windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004125E8 Relevance: 1.7, APIs: 1, Instructions: 188nativeCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00478EFC Relevance: 1.6, APIs: 1, Instructions: 107nativeCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045D2E4 Relevance: 1.5, APIs: 1, Instructions: 12COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045D2FC Relevance: 1.5, APIs: 1, Instructions: 6COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 10001130 Relevance: .1, Instructions: 55COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 10001000 Relevance: .0, Instructions: 2COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044B6CC Relevance: 166.5, APIs: 48, Strings: 47, Instructions: 252libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004566E0 Relevance: 26.6, APIs: 4, Strings: 11, Instructions: 310comCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00498AA8 Relevance: 23.0, APIs: 7, Strings: 6, Instructions: 251synchronizationCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045CC68 Relevance: 22.9, APIs: 8, Strings: 5, Instructions: 182libraryloadermemoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004548E8 Relevance: 19.5, APIs: 7, Strings: 4, Instructions: 244registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00459500 Relevance: 19.4, APIs: 3, Strings: 8, Instructions: 165registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00458AEC Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 70sleepsynchronizationCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045459C Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 228registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00497328 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 141fileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00462A98 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 82libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042F1E8 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 82libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00458CC4 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 127pipeCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00456DC8 Relevance: 15.8, APIs: 3, Strings: 6, Instructions: 99libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042E428 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 86registrylibraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00404ABF Relevance: 15.1, APIs: 10, Instructions: 122fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00481D38 Relevance: 14.2, APIs: 3, Strings: 5, Instructions: 175windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045D35C Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 41libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044D1EC Relevance: 13.6, APIs: 9, Instructions: 90COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00496BCC Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 90sleepsynchronizationthreadCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004703F4 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 89registrywindowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00462ED8 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 75windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004787AC Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 66libraryfileloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00429490 Relevance: 12.1, APIs: 8, Instructions: 62COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041DE34 Relevance: 12.1, APIs: 8, Instructions: 60windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0047708C Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 200windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00411704 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 158windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00457384 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 103windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0046B520 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 99sleepCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004780A8 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 92windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045982C Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 86libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041C158 Relevance: 10.6, APIs: 7, Instructions: 70windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00418C64 Relevance: 10.6, APIs: 7, Instructions: 67COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00484150 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 61registryCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041B472 Relevance: 10.6, APIs: 7, Instructions: 57windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00495A04 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 47libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045D730 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 33libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042EA2C Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 30libraryloaderwindowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044C850 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 28libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0047905C Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 14libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041B67C Relevance: 9.1, APIs: 6, Instructions: 144windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041B94C Relevance: 9.1, APIs: 6, Instructions: 142windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041B518 Relevance: 9.1, APIs: 6, Instructions: 113windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041BD9C Relevance: 9.1, APIs: 6, Instructions: 71COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00401A90 Relevance: 9.1, APIs: 6, Instructions: 59COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0047EBDC Relevance: 9.1, APIs: 6, Instructions: 57COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041B280 Relevance: 9.0, APIs: 6, Instructions: 43COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042EAB8 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 49libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042E9BC Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 20libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00477FD0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderthreadCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00416C3C Relevance: 7.6, APIs: 5, Instructions: 104COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00414810 Relevance: 7.6, APIs: 5, Instructions: 102COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004297DC Relevance: 7.6, APIs: 5, Instructions: 83windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041BBC8 Relevance: 7.6, APIs: 5, Instructions: 83windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00403CA4 Relevance: 7.6, APIs: 5, Instructions: 55memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004143F0 Relevance: 7.6, APIs: 5, Instructions: 51windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406FB4 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 156shareCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00453930 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 100fileCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00416420 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 89registryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00404D2A Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 72windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00456CA4 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 65registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004571FC Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 60windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00478B28 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 55windowkeyboardCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004840A8 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 39registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045940C Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 39registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042D900 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 27libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042EB64 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 23libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044F7B8 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 16libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00499040 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 9libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0046469C Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 8libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0047DB00 Relevance: 6.2, APIs: 4, Instructions: 195fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00413D08 Relevance: 6.1, APIs: 4, Instructions: 107COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00408A64 Relevance: 6.1, APIs: 4, Instructions: 95windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044E938 Relevance: 6.1, APIs: 4, Instructions: 83windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00495FFC Relevance: 6.1, APIs: 4, Instructions: 81COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00417228 Relevance: 6.1, APIs: 4, Instructions: 72COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00495CB4 Relevance: 6.1, APIs: 4, Instructions: 59COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00454FF0 Relevance: 6.1, APIs: 4, Instructions: 54COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040D020 Relevance: 6.1, APIs: 4, Instructions: 51COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0047D1CC Relevance: 6.0, APIs: 4, Instructions: 35sleepCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00478640 Relevance: 6.0, APIs: 4, Instructions: 31COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00424250 Relevance: 6.0, APIs: 4, Instructions: 26windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040627C Relevance: 6.0, APIs: 4, Instructions: 11memoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0047A69C Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 210registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004767E8 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 105timeCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004792D4 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 86registryCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004501DC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 78windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00496A78 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 59processCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042DD74 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 56registryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045571C Relevance: 5.0, APIs: 4, Instructions: 45sleepCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Execution Graph
Execution Coverage: | 10.3% |
Dynamic/Decrypted Code Coverage: | 83.5% |
Signature Coverage: | 4% |
Total number of Nodes: | 2000 |
Total number of Limit Nodes: | 32 |
Graph
Function 02D672AB Relevance: 96.9, APIs: 41, Strings: 14, Instructions: 659networksleepfileCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02D6648B Relevance: 82.5, APIs: 42, Strings: 5, Instructions: 228memorysleeplibraryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00401B4B Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 74libraryloaderCOMMON
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02D6F8DE Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 87libraryloaderCOMMON
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02D6F7DA Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 100fileCOMMON
Control-flow Graph
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Control-flow Graph
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02D61CF8 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 105synchronizationCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02D64D86 Relevance: 16.8, APIs: 11, Instructions: 256COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02D626DB Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 92timeCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02D62B95 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 132networkCOMMON
Control-flow Graph
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Control-flow Graph
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02D629EE Relevance: 7.6, APIs: 5, Instructions: 79networkCOMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02D61BA7 Relevance: 7.6, APIs: 5, Instructions: 75COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02D73A8F Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 29COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00402D60 Relevance: 6.1, APIs: 4, Instructions: 75COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02D62EDD Relevance: 6.0, APIs: 4, Instructions: 49networkCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02DA0DFA Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 161fileCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02D62DB5 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100networkCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02D62AC7 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72networkCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02D6353E Relevance: 4.6, APIs: 3, Instructions: 127COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02D6369A Relevance: 4.6, APIs: 3, Instructions: 60COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02D72030 Relevance: 4.5, APIs: 3, Instructions: 42threadCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02D61AA9 Relevance: 4.5, APIs: 3, Instructions: 18networkCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02DFA471 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 164fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040B225 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 16registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00402160 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02D64BED Relevance: 3.1, APIs: 2, Instructions: 137COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02D9FC92 Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 110stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02D62D39 Relevance: 3.0, APIs: 2, Instructions: 50networkCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040220B Relevance: 3.0, APIs: 2, Instructions: 45COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02D68321 Relevance: 3.0, APIs: 2, Instructions: 32networkCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 004039F0 Relevance: 3.0, APIs: 2, Instructions: 30memoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00402159 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 11memoryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004021A8 Relevance: 3.0, APIs: 2, Instructions: 6registryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02D65119 Relevance: 1.7, APIs: 1, Instructions: 196COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02D6E8F8 Relevance: 1.6, APIs: 1, Instructions: 75COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02D633B2 Relevance: 1.6, APIs: 1, Instructions: 50COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02D6E488 Relevance: 1.5, APIs: 1, Instructions: 36COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00402332 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02D6E267 Relevance: 1.5, APIs: 1, Instructions: 20COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 004026D6 Relevance: 1.5, APIs: 1, Instructions: 16COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004025C7 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040B8DC Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040256B Relevance: 1.5, APIs: 1, Instructions: 7COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040B1FE Relevance: 1.5, APIs: 1, Instructions: 5registryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02D720A0 Relevance: 1.3, APIs: 1, Instructions: 43COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040B4BC Relevance: 1.3, APIs: 1, Instructions: 17sleepCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040B7AE Relevance: 1.3, APIs: 1, Instructions: 16sleepCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00402277 Relevance: 1.3, APIs: 1, Instructions: 14stringCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040218F Relevance: 1.3, APIs: 1, Instructions: 10sleepCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040B5D9 Relevance: 1.3, APIs: 1, Instructions: 8sleepCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040270C Relevance: 4.5, APIs: 3, Instructions: 13serviceCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02D708B8 Relevance: 3.0, APIs: 2, Instructions: 31windowCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02D6F792 Relevance: 1.5, APIs: 1, Instructions: 33COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040254E Relevance: 1.5, APIs: 1, Instructions: 12COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02D64603 Relevance: 24.9, APIs: 13, Strings: 1, Instructions: 442networkCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02D624E1 Relevance: 21.2, APIs: 14, Instructions: 173COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 004023B3 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 75registrysynchronizationthreadCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02D63423 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 94libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00405408 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 50libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00403C59 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 100fileCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004058D5 Relevance: 13.7, APIs: 9, Instructions: 177COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02D71550 Relevance: 10.6, APIs: 7, Instructions: 132COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02D62081 Relevance: 10.6, APIs: 7, Instructions: 116timeCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02D71662 Relevance: 10.6, APIs: 7, Instructions: 107synchronizationCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00404618 Relevance: 10.6, APIs: 5, Strings: 2, Instructions: 102memoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02D75CD4 Relevance: 10.5, APIs: 7, Instructions: 45threadCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02D73404 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 24libraryloaderCOMMONLIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02D734D9 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 19libraryloaderCOMMONLIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00405B24 Relevance: 9.1, APIs: 6, Instructions: 117COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02D61C91 Relevance: 9.0, APIs: 6, Instructions: 39synchronizationthreadinjectionCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02D70800 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 179windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02D71870 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 66COMMONLIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02D64030 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 26memoryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 004036D0 Relevance: 7.6, APIs: 5, Instructions: 143COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02D6E02F Relevance: 7.6, APIs: 5, Instructions: 92COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02D621D5 Relevance: 7.6, APIs: 5, Instructions: 60COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02D62298 Relevance: 7.6, APIs: 5, Instructions: 56COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02D62420 Relevance: 7.5, APIs: 5, Instructions: 38COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02D61EC7 Relevance: 7.5, APIs: 5, Instructions: 35COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02D630AE Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 97networkCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00403E3A Relevance: 6.3, APIs: 3, Strings: 1, Instructions: 265memoryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02D736F0 Relevance: 6.1, APIs: 4, Instructions: 136COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02D63D7E Relevance: 6.1, APIs: 4, Instructions: 57networkCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02D6239D Relevance: 6.1, APIs: 4, Instructions: 52COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02D6247D Relevance: 6.0, APIs: 4, Instructions: 38COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02D62004 Relevance: 6.0, APIs: 4, Instructions: 35COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02D61E26 Relevance: 6.0, APIs: 4, Instructions: 30COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040475C Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 27memoryCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02D695A0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 78networkCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02D619C2 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21memoryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040446C Relevance: 5.1, APIs: 4, Instructions: 53memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|