Edit tour
Windows
Analysis Report
SecuriteInfo.com.Trojan.Win32.Crypt.31282.17969.exe
Overview
General Information
| Sample name: | SecuriteInfo.com.Trojan.Win32.Crypt.31282.17969.exe |
| Analysis ID: | 1521409 |
| MD5: | 4e277b4187525cd19cd7269a4daf9fc1 |
| SHA1: | 611a0b0711f3850958422680b9b662466e7e800a |
| SHA256: | 733ad8a06b4d21a85c29b76af4a89b22077292903fc3df7eb052d4f2027af99f |
| Tags: | exe |
| Infos: |  |
 | |
Detection
Socks5Systemz
| Score: | 100 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Socks5Systemz
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Contains functionality to infect the boot sector
Machine Learning detection for dropped file
PE file has a writeable .text section
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to launch a program with higher privileges
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to query network adapater information
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries disk information (often used to detect virtual machines)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Classification
- System is w10x64
SecuriteInfo.com.Trojan.Win32.Crypt.31282.17969.exe (PID: 7528 cmdline: "C:\Users\ user\Deskt op\Securit eInfo.com. Trojan.Win 32.Crypt.3 1282.17969 .exe" MD5: 4E277B4187525CD19CD7269A4DAF9FC1) - SecuriteInfo.com.Trojan.Win32.Crypt.31282.17969.tmp (PID: 7544 cmdline:
"C:\Users\ user\AppDa ta\Local\T emp\is-NOU JM.tmp\Sec uriteInfo. com.Trojan .Win32.Cry pt.31282.1 7969.tmp" /SL5="$204 6A,2942017 ,56832,C:\ Users\user \Desktop\S ecuriteInf o.com.Troj an.Win32.C rypt.31282 .17969.exe " MD5: 5D678A5E268C0BAD90CD1584C53048AD) 
playglock.exe (PID: 7572 cmdline: "C:\Users\ user\AppDa ta\Local\P lay Glock\ playglock. exe" -i MD5: 31590895739E872769BF62DD513196B7)
- cleanup
{"C2 list": ["ddbnoae.info"]}| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_Socks5Systemz | Yara detected Socks5Systemz | Joe Security | ||
| JoeSecurity_Socks5Systemz | Yara detected Socks5Systemz | Joe Security | ||
| JoeSecurity_Socks5Systemz | Yara detected Socks5Systemz | Joe Security |
⊘No Sigma rule has matched
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-09-28T09:25:55.540626+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63624 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:25:58.427061+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63624 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:25:58.781783+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63624 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:25:59.624548+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63628 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:00.434553+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63629 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:01.281941+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63630 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:02.092723+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63631 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:03.049963+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63632 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:03.410859+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63632 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:04.247928+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63633 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:05.051376+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63634 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:05.402850+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63634 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:06.221287+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63635 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:06.572307+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63635 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:07.388696+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63636 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:08.221257+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63637 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:08.860198+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63637 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:09.679607+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63638 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:10.500217+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63639 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:11.308851+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63640 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:12.376602+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63641 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:13.237350+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63642 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:13.584649+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63642 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:13.930705+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63642 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:14.767368+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63643 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:16.652444+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63644 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:17.730814+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63645 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:18.544748+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63646 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:19.350971+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63647 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:19.693692+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63647 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:20.039696+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63647 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:20.680848+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63647 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:21.509099+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63648 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:22.322391+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63649 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:23.835727+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63650 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:24.188683+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63650 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:24.988129+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63651 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:26.310503+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63651 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:27.125276+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63652 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:27.948092+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63653 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:28.766691+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63654 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:29.576544+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63655 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:30.401804+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63656 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:31.246416+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63657 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:32.056708+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63658 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:32.872983+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63659 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:33.718827+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63660 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:34.540230+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63661 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:35.370223+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63662 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:36.204093+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63663 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:36.562402+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63663 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:37.374139+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63664 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:38.186075+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63665 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:39.010930+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63666 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:39.872727+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63667 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:40.723914+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63668 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:41.075276+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63668 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:42.127712+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63669 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:42.487985+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63669 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:43.334326+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63670 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:43.688516+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63670 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:44.608533+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63671 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:45.465389+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63672 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:46.295276+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63673 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:47.122375+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63674 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:48.188351+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63675 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:49.027064+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63676 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:49.842755+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63677 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:50.662820+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63678 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:51.645002+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63679 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:52.464837+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63680 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:53.290624+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63681 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:54.126585+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63682 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:54.938947+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63683 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:55.744507+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63684 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:56.589229+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63685 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:57.424641+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63686 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:58.286158+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63687 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:59.236495+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63688 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:27:00.067537+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63689 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:27:00.898430+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63690 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:27:01.718700+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63691 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:27:02.693859+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63692 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:27:03.700537+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63693 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:27:04.554380+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63694 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:27:05.459809+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63695 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:27:06.288510+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63696 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:27:07.125952+0200 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 63697 | 185.208.158.248 | 80 | TCP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-09-28T09:25:55.540626+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63624 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:25:58.427061+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63624 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:25:58.781783+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63624 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:25:59.624548+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63628 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:00.434553+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63629 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:01.281941+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63630 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:02.092723+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63631 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:03.049963+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63632 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:03.410859+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63632 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:04.247928+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63633 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:05.051376+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63634 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:05.402850+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63634 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:06.221287+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63635 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:06.572307+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63635 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:07.388696+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63636 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:08.221257+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63637 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:08.860198+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63637 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:09.679607+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63638 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:10.500217+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63639 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:11.308851+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63640 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:12.376602+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63641 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:13.237350+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63642 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:13.584649+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63642 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:13.930705+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63642 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:14.767368+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63643 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:16.652444+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63644 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:17.730814+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63645 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:18.544748+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63646 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:19.350971+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63647 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:19.693692+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63647 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:20.039696+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63647 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:20.680848+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63647 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:21.509099+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63648 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:22.322391+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63649 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:23.835727+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63650 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:24.188683+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63650 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:24.988129+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63651 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:26.310503+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63651 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:27.125276+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63652 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:27.948092+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63653 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:28.766691+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63654 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:29.576544+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63655 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:30.401804+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63656 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:31.246416+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63657 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:32.056708+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63658 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:32.872983+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63659 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:33.718827+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63660 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:34.540230+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63661 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:35.370223+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63662 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:36.204093+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63663 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:36.562402+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63663 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:37.374139+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63664 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:38.186075+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63665 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:39.010930+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63666 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:39.872727+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63667 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:40.723914+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63668 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:41.075276+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63668 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:42.127712+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63669 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:42.487985+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63669 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:43.334326+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63670 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:43.688516+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63670 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:44.608533+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63671 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:45.465389+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63672 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:46.295276+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63673 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:47.122375+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63674 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:48.188351+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63675 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:49.027064+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63676 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:49.842755+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63677 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:50.662820+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63678 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:51.645002+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63679 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:52.464837+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63680 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:53.290624+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63681 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:54.126585+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63682 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:54.938947+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63683 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:55.744507+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63684 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:56.589229+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63685 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:57.424641+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63686 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:58.286158+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63687 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:59.236495+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63688 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:27:00.067537+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63689 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:27:00.898430+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63690 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:27:01.718700+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63691 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:27:02.693859+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63692 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:27:03.700537+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63693 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:27:04.554380+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63694 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:27:05.459809+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63695 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:27:06.288510+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63696 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:27:07.125952+0200 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 63697 | 185.208.158.248 | 80 | TCP |
Click to jump to signature section
Show All Signature Results
AV Detection |   |
|---|
| Source: | Malware Configuration Extractor: | ||
| Source: | ReversingLabs: | ||
| Source: | Integrated Neural Analysis Model: | ||
| Source: | Joe Sandbox ML: | ||
| Source: | Joe Sandbox ML: | ||
| Source: | Code function: | 1_2_0045D230 | |
| Source: | Code function: | 1_2_0045D2E4 | |
| Source: | Code function: | 1_2_0045D2FC | |
| Source: | Code function: | 1_2_10001000 | |
| Source: | Code function: | 1_2_10001130 | |
Compliance | |
|---|
| Source: | Unpacked PE file: | ||
| Source: | Static PE information: | ||
| Source: | Registry value created: | Jump to behavior | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Code function: | 1_2_00452AD4 | |
| Source: | Code function: | 1_2_004753C4 | |
| Source: | Code function: | 1_2_00464200 | |
| Source: | Code function: | 1_2_0049877C | |
| Source: | Code function: | 1_2_004627F8 | |
| Source: | Code function: | 1_2_00463D84 | |
Networking | |
|---|
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | URLs: | ||
| Source: | TCP traffic: | ||
| Source: | IP Address: | ||
| Source: | IP Address: | ||
| Source: | ASN Name: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | Code function: | 2_2_02C572AB | |
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
System Summary | |
|---|
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Code function: | 1_2_0042F594 | |
| Source: | Code function: | 1_2_00423B94 | |
| Source: | Code function: | 1_2_004125E8 | |
| Source: | Code function: | 1_2_00478EFC | |
| Source: | Code function: | 1_2_0045763C | |
| Source: | Code function: | 1_2_0042E944 | |
| Source: | Code function: | 0_2_00409448 | |
| Source: | Code function: | 1_2_0045568C | |
| Source: | Code function: | 0_2_0040840C | |
| Source: | Code function: | 1_2_004708A0 | |
| Source: | Code function: | 1_2_00480E7E | |
| Source: | Code function: | 1_2_0043533C | |
| Source: | Code function: | 1_2_0046744C | |
| Source: | Code function: | 1_2_00488014 | |
| Source: | Code function: | 1_2_004303D0 | |
| Source: | Code function: | 1_2_0048E4AC | |
| Source: | Code function: | 1_2_0044453C | |
| Source: | Code function: | 1_2_00434638 | |
| Source: | Code function: | 1_2_00444AE4 | |
| Source: | Code function: | 1_2_00430F5C | |
| Source: | Code function: | 1_2_004870B4 | |
| Source: | Code function: | 1_2_0045F16C | |
| Source: | Code function: | 1_2_004451DC | |
| Source: | Code function: | 1_2_0045B21C | |
| Source: | Code function: | 1_2_004694C8 | |
| Source: | Code function: | 1_2_004455E8 | |
| Source: | Code function: | 1_2_00451A30 | |
| Source: | Code function: | 1_2_0043DDC4 | |
| Source: | Code function: | 2_2_00401051 | |
| Source: | Code function: | 2_2_00401C26 | |
| Source: | Code function: | 2_2_02C6E18D | |
| Source: | Code function: | 2_2_02C69E84 | |
| Source: | Code function: | 2_2_02C74E29 | |
| Source: | Code function: | 2_2_02C5EFB1 | |
| Source: | Code function: | 2_2_02C6DC99 | |
| Source: | Code function: | 2_2_02C68442 | |
| Source: | Code function: | 2_2_02C6AC3A | |
| Source: | Code function: | 2_2_02C6E5A5 | |
| Source: | Code function: | 2_2_02C72DB4 | |
| Source: | Code function: | 2_2_02C940A2 | |
| Source: | Code function: | 2_2_02C8B950 | |
| Source: | Code function: | 2_2_02C8BCEB | |
| Source: | Code function: | 2_2_02C8B4E5 | |
| Source: | Code function: | 2_2_02C8BD58 | |
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Static PE information: | ||
| Source: | Classification label: | ||
| Source: | Code function: | 2_2_02C608B8 | |
| Source: | Code function: | 0_2_00409448 | |
| Source: | Code function: | 1_2_0045568C | |
| Source: | Code function: | 1_2_00455EB4 | |
| Source: | Code function: | 2_2_0040B202 | |
| Source: | Code function: | 1_2_0046E1E4 | |
| Source: | Code function: | 0_2_00409C34 | |
| Source: | Code function: | 2_2_004024E9 | |
| Source: | Code function: | 2_2_004024E9 | |
| Source: | Code function: | 2_2_004021BF | |
| Source: | Code function: | 2_2_004021BF | |
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Key value created or modified: | Jump to behavior | ||
| Source: | File read: | Jump to behavior | ||
| Source: | File read: | Jump to behavior | ||
| Source: | ReversingLabs: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Key value created or modified: | Jump to behavior | ||
| Source: | Window found: | Jump to behavior | ||
| Source: | Window detected: | ||
| Source: | Registry value created: | Jump to behavior | ||
| Source: | Static file information: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
Data Obfuscation | |
|---|
| Source: | Unpacked PE file: | ||
| Source: | Unpacked PE file: | ||
| Source: | Code function: | 1_2_00450334 | |
| Source: | Static PE information: | ||
| Source: | Code function: | 0_2_004065FD | |
| Source: | Code function: | 0_2_004040F1 | |
| Source: | Code function: | 0_2_00408109 | |
| Source: | Code function: | 0_2_00404389 | |
| Source: | Code function: | 0_2_00404389 | |
| Source: | Code function: | 0_2_0040C219 | |
| Source: | Code function: | 0_2_00404389 | |
| Source: | Code function: | 0_2_00404389 | |
| Source: | Code function: | 0_2_00408F63 | |
| Source: | Code function: | 1_2_00484572 | |
| Source: | Code function: | 1_2_00409991 | |
| Source: | Code function: | 1_2_00458090 | |
| Source: | Code function: | 1_2_004062C5 | |
| Source: | Code function: | 1_2_004104F5 | |
| Source: | Code function: | 1_2_00412993 | |
| Source: | Code function: | 1_2_0049AD3F | |
| Source: | Code function: | 1_2_0040CE4A | |
| Source: | Code function: | 1_2_004593B4 | |
| Source: | Code function: | 1_2_00495389 | |
| Source: | Code function: | 1_2_0040F3AA | |
| Source: | Code function: | 1_2_004054A9 | |
| Source: | Code function: | 1_2_004434B8 | |
| Source: | Code function: | 1_2_00405741 | |
| Source: | Code function: | 1_2_00405741 | |
| Source: | Code function: | 1_2_00405741 | |
| Source: | Code function: | 1_2_00405741 | |
| Source: | Code function: | 1_2_00451897 | |
| Source: | Code function: | 1_2_00451A35 | |
| Source: | Code function: | 1_2_00485B61 | |
| Source: | Code function: | 1_2_00419C3D | |
| Source: | Code function: | 1_2_0045FDC8 | |
Persistence and Installation Behavior | |
|---|
| Source: | Code function: | 2_2_00401A4F | |
| Source: | Code function: | 2_2_02C5F7DA | |
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
Boot Survival | |
|---|
| Source: | Code function: | 2_2_00401A4F | |
| Source: | Code function: | 2_2_02C5F7DA | |
| Source: | Code function: | 2_2_004024E9 | |
| Source: | Code function: | 1_2_00423C1C | |
| Source: | Code function: | 1_2_00423C1C | |
| Source: | Code function: | 1_2_004241EC | |
| Source: | Code function: | 1_2_004241A4 | |
| Source: | Code function: | 1_2_00418394 | |
| Source: | Code function: | 1_2_0042286C | |
| Source: | Code function: | 1_2_0042F2F0 | |
| Source: | Code function: | 1_2_004175A8 | |
| Source: | Code function: | 1_2_00417CDE | |
| Source: | Code function: | 1_2_00417CE0 | |
| Source: | Code function: | 1_2_00483E20 | |
| Source: | Code function: | 1_2_0041F128 | |
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Code function: | 2_2_00401B4B | |
| Source: | Code function: | 2_2_02C5F8DE | |
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Evasive API call chain: | graph_0-5966 | ||
| Source: | Thread sleep count: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep count: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep count: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Code function: | 1_2_00452AD4 | |
| Source: | Code function: | 1_2_004753C4 | |
| Source: | Code function: | 1_2_00464200 | |
| Source: | Code function: | 1_2_0049877C | |
| Source: | Code function: | 1_2_004627F8 | |
| Source: | Code function: | 1_2_00463D84 | |
| Source: | Code function: | 0_2_00409B78 | |
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | API call chain: | graph_0-6763 | ||
| Source: | Process information queried: | Jump to behavior | ||
| Source: | Code function: | 2_2_02C700FE | |
| Source: | Code function: | 2_2_02C700FE | |
| Source: | Code function: | 1_2_00450334 | |
| Source: | Code function: | 2_2_02C5648B | |
| Source: | Code function: | 2_2_02C69468 | |
| Source: | Code function: | 1_2_00478940 | |
| Source: | Code function: | 1_2_0042EE28 | |
| Source: | Code function: | 1_2_0042E0AC | |
| Source: | Code function: | 2_2_02C5F792 | |
| Source: | Code function: | 0_2_0040520C | |
| Source: | Code function: | 0_2_00405258 | |
| Source: | Code function: | 1_2_00408578 | |
| Source: | Code function: | 1_2_004085C4 | |
| Source: | Code function: | 1_2_00458670 | |
| Source: | Code function: | 0_2_004026C4 | |
| Source: | Code function: | 1_2_00455644 | |
| Source: | Code function: | 0_2_00405CF4 | |
Stealing of Sensitive Information | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
Remote Access Functionality | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Native API | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 1 Deobfuscate/Decode Files or Information | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
| Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | 5 Windows Service | 1 DLL Side-Loading | 2 Obfuscated Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | 2 Service Execution | 1 Bootkit | 1 Access Token Manipulation | 2 Software Packing | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 5 Windows Service | 1 DLL Side-Loading | NTDS | 35 System Information Discovery | Distributed Component Object Model | Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 2 Process Injection | 1 Masquerading | LSA Secrets | 41 Security Software Discovery | SSH | Keylogging | 112 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 21 Virtualization/Sandbox Evasion | Cached Domain Credentials | 1 Process Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Access Token Manipulation | DCSync | 21 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 2 Process Injection | Proc Filesystem | 11 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Bootkit | /etc/passwd and /etc/shadow | 3 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
| IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | Dynamic API Resolution | Network Sniffing | 1 Remote System Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
| Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | Stripped Payloads | Input Capture | 1 System Network Configuration Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 13% | ReversingLabs | Win32.Trojan.Munp |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 100% | Joe Sandbox ML | |||
| 100% | Joe Sandbox ML | |||
| 0% | ReversingLabs | |||
| 5% | ReversingLabs | |||
| 0% | ReversingLabs | |||
| 0% | ReversingLabs | |||
| 0% | ReversingLabs | |||
| 0% | ReversingLabs | |||
| 0% | ReversingLabs | |||
| 0% | ReversingLabs | |||
| 0% | ReversingLabs | |||
| 0% | ReversingLabs | |||
| 5% | ReversingLabs | |||
| 0% | ReversingLabs | |||
| 0% | ReversingLabs | |||
| 0% | ReversingLabs | |||
| 0% | ReversingLabs |
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| ddbnoae.info | 185.208.158.248 | true | true | unknown |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| true | unknown | ||
| true | unknown | ||
| true | unknown |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false |
| unknown | ||
| false | unknown | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false | unknown | |||
| false | unknown | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false | unknown | |||
| false |
| unknown | ||
| false | unknown | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false | unknown | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false | unknown | |||
| false | unknown | |||
| false | unknown | |||
| false | unknown | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false | unknown | |||
| false | unknown | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false | unknown | |||
| false | unknown | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false | unknown | |||
| false | unknown | |||
| false |
| unknown | ||
| false | unknown | |||
| false | unknown | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false | unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 185.208.158.248 | ddbnoae.info | Switzerland | 34888 | SIMPLECARRER2IT | true | |
| 195.154.173.35 | unknown | France | 12876 | OnlineSASFR | false |
| Joe Sandbox version: | 41.0.0 Charoite |
| Analysis ID: | 1521409 |
| Start date and time: | 2024-09-28 09:24:07 +02:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 5m 31s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 7 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | SecuriteInfo.com.Trojan.Win32.Crypt.31282.17969.exe |
| Detection: | MAL |
| Classification: | mal100.troj.evad.winEXE@5/26@1/2 |
| EGA Information: |
|
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtDeviceIoControlFile calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- VT rate limit hit for: SecuriteInfo.com.Trojan.Win32.Crypt.31282.17969.exe
| Time | Type | Description |
|---|---|---|
| 03:25:35 | API Interceptor |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 185.208.158.248 | Get hash | malicious | Socks5Systemz | Browse | ||
| Get hash | malicious | Clipboard Hijacker, Cryptbot, Neoreklami, Socks5Systemz | Browse | |||
| Get hash | malicious | Socks5Systemz | Browse | |||
| Get hash | malicious | Socks5Systemz | Browse | |||
| Get hash | malicious | Socks5Systemz | Browse | |||
| Get hash | malicious | Socks5Systemz | Browse | |||
| Get hash | malicious | Socks5Systemz | Browse | |||
| Get hash | malicious | Socks5Systemz | Browse | |||
| Get hash | malicious | Socks5Systemz | Browse | |||
| Get hash | malicious | Socks5Systemz | Browse | |||
| 195.154.173.35 | Get hash | malicious | Socks5Systemz | Browse | ||
| Get hash | malicious | Socks5Systemz | Browse | |||
| Get hash | malicious | Socks5Systemz | Browse | |||
| Get hash | malicious | LummaC, Socks5Systemz | Browse | |||
| Get hash | malicious | Socks5Systemz | Browse | |||
| Get hash | malicious | Socks5Systemz | Browse | |||
| Get hash | malicious | Socks5Systemz | Browse | |||
| Get hash | malicious | Socks5Systemz | Browse | |||
| Get hash | malicious | Socks5Systemz | Browse | |||
| Get hash | malicious | Socks5Systemz | Browse |
⊘No context
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| OnlineSASFR | Get hash | malicious | Socks5Systemz | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Socks5Systemz | Browse |
| ||
| Get hash | malicious | Socks5Systemz | Browse |
| ||
| Get hash | malicious | LummaC, Socks5Systemz | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Socks5Systemz | Browse |
| ||
| Get hash | malicious | Socks5Systemz | Browse |
| ||
| SIMPLECARRER2IT | Get hash | malicious | Socks5Systemz | Browse |
| |
| Get hash | malicious | Socks5Systemz | Browse |
| ||
| Get hash | malicious | Socks5Systemz | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Clipboard Hijacker, Cryptbot, Neoreklami, Socks5Systemz | Browse |
| ||
| Get hash | malicious | Socks5Systemz | Browse |
| ||
| Get hash | malicious | Socks5Systemz | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Socks5Systemz | Browse |
|
⊘No context
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| C:\Users\user\AppData\Local\Play Glock\Qt5OpenGL.dll (copy) | Get hash | malicious | Socks5Systemz | Browse | ||
| Get hash | malicious | Socks5Systemz | Browse | |||
| Get hash | malicious | Socks5Systemz | Browse | |||
| Get hash | malicious | Clipboard Hijacker, Cryptbot, Neoreklami, Socks5Systemz | Browse | |||
| Get hash | malicious | Socks5Systemz | Browse | |||
| Get hash | malicious | Socks5Systemz | Browse | |||
| Get hash | malicious | LummaC, Amadey, CryptOne, LummaC Stealer, PureLog Stealer, RedLine, Socks5Systemz | Browse | |||
| Get hash | malicious | Socks5Systemz | Browse | |||
| Get hash | malicious | Socks5Systemz | Browse | |||
| Get hash | malicious | Socks5Systemz | Browse |
| Process: | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2916352 |
| Entropy (8bit): | 6.880539158757775 |
| Encrypted: | false |
| SSDEEP: | 49152:h7ewEBX5iWVPDO1qO8QSWXSBPM3atVmtXz5Erv:GBJjO1qO8Y2PMKDmtXz |
| MD5: | 31590895739E872769BF62DD513196B7 |
| SHA1: | 1289298AE75B4E4CECB57CE3C9DF018241BE1148 |
| SHA-256: | 3205C7A980AE89897423A788DB8BF2900A3311E4846C8D6A9946874400B65918 |
| SHA-512: | 1F0D4E85158180F52E6F37FEE0BA7A46EFD4CCB487A6BC23D57C00C2A6CC0111B0B7F90CBA79C01B555E5AE43251984BAE73323586A58F093ABDF43833CB0712 |
| Malicious: | true |
| Antivirus: |
|
| Reputation: | low |
| Preview: |
| Process: | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8 |
| Entropy (8bit): | 2.0 |
| Encrypted: | false |
| SSDEEP: | 3:rShl:cl |
| MD5: | 4852ECCD30144B33B04C74093F1224DC |
| SHA1: | D4CD58D4A0FE6F4CF2C578AB83489B8FF6EA1FE1 |
| SHA-256: | 0455D2DDA0715A9495FACCFFA90997A6898618ADF25498F30DF5518842655899 |
| SHA-512: | 98B2A665D8EF0497EB01E93F2FFA501C2673DD844D1FFCE9A86B7363C8287D4B02BF70F67FFF96F5E44A818F8FB033A066FDF8C53B92C0FECFB67C96946CB195 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4 |
| Entropy (8bit): | 0.8112781244591328 |
| Encrypted: | false |
| SSDEEP: | 3:rln:x |
| MD5: | AC8AAAEA2B609745C410ABC9C2FC3851 |
| SHA1: | 52E1620DF4D296AF2BF31B954FE972DB03894A1C |
| SHA-256: | A71962744B947463B61084E87B378F086EA8F9EE7178F55D12E7100CFA23F22D |
| SHA-512: | 7EF39F57B23B64E34C268BB1E9F336CD8B2FAADBC540B22E07714CF92DCF93A4ED790525BDE5095F69B6D105A7E928DDDFF64BBB60EBC865A75BA1622FAB12CE |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
| Process: | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 128 |
| Entropy (8bit): | 2.9545817380615236 |
| Encrypted: | false |
| SSDEEP: | 3:SmwW3Fde9UUDrjStGs/:Smze7DPStGM |
| MD5: | 98DDA7FC0B3E548B68DE836D333D1539 |
| SHA1: | D0CB784FA2BBD3BDE2BA4400211C3B613638F1C6 |
| SHA-256: | 870555CDCBA1F066D893554731AE99A21AE776D41BCB680CBD6510CB9F420E3D |
| SHA-512: | E79BD8C2E0426DBEBA8AC2350DA66DC0413F79860611A05210905506FEF8B80A60BB7E76546B0CE9C6E6BC9DDD4BC66FF4C438548F26187EAAF6278F769B3AC1 |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
| Process: | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 128 |
| Entropy (8bit): | 1.7095628900165245 |
| Encrypted: | false |
| SSDEEP: | 3:LDXdQSWBdMUE/:LLdQSGd |
| MD5: | 4FFFD4D2A32CBF8FB78D521B4CC06680 |
| SHA1: | 3FA6EFA82F738740179A9388D8046619C7EBDF54 |
| SHA-256: | EC52F73A17E6AFCF78F3FD8DFC7177024FEB52F5AC2B602886788E4348D5FB68 |
| SHA-512: | 130A074E6AD38EEE2FB088BED2FCB939BF316B0FCBB4F5455AB49C2685BEEDCB5011107A22A153E56BF5E54A45CA4801C56936E71899C99BA9A4F694A1D4CC6D |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
| Process: | C:\Users\user\AppData\Local\Temp\is-NOUJM.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.31282.17969.tmp |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 334848 |
| Entropy (8bit): | 6.5257884005400015 |
| Encrypted: | false |
| SSDEEP: | 6144:JmuFcP82IqE5RSbvQpYVgMW2i32blpDW2pmoZ1:JmuFc02IqE7SbLVgR1O |
| MD5: | C1D465E061D7D02895DAEB19BDB28AC9 |
| SHA1: | 5E729EE51DF080545C7031D771B85094A2B2D4E9 |
| SHA-256: | 777917D30F277A9E88D8FC04E69B955A2B0BD3F2BCF2E36F7F9CFFEF2583EE60 |
| SHA-512: | 438ADAA0AC3AD47621D288E3FF56493CC7DE4E2A89FC5420E246A6045DB79E7CB84A28D3F3420841340AB33BD632F12FDC3A4E9D8EF99601CA9F975B7F8309E1 |
| Malicious: | false |
| Antivirus: |
|
| Joe Sandbox View: |
|
| Reputation: | moderate, very likely benign file |
| Preview: |
| Process: | C:\Users\user\AppData\Local\Temp\is-NOUJM.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.31282.17969.tmp |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 348160 |
| Entropy (8bit): | 6.542655141037356 |
| Encrypted: | false |
| SSDEEP: | 6144:OcV9z83OtqxnEYmt3NEnvfF+Tbmbw6An8FMciFMNrb3YgxxpbCAOxO2ElvlE:Ooz83OtIEzW+/m/AyF7bCrO/E |
| MD5: | 86F1895AE8C5E8B17D99ECE768A70732 |
| SHA1: | D5502A1D00787D68F548DDEEBBDE1ECA5E2B38CA |
| SHA-256: | 8094AF5EE310714CAEBCCAEEE7769FFB08048503BA478B879EDFEF5F1A24FEFE |
| SHA-512: | 3B7CE2B67056B6E005472B73447D2226677A8CADAE70428873F7EFA5ED11A3B3DBF6B1A42C5B05B1F2B1D8E06FF50DFC6532F043AF8452ED87687EEFBF1791DA |
| Malicious: | false |
| Antivirus: |
|
| Preview: |
| Process: | C:\Users\user\AppData\Local\Temp\is-NOUJM.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.31282.17969.tmp |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 499712 |
| Entropy (8bit): | 6.414789978441117 |
| Encrypted: | false |
| SSDEEP: | 12288:fJzxYPVsBnxO/R7krZhUgiW6QR7t5k3Ooc8iHkC2eq:fZxvBnxOJ7ki3Ooc8iHkC2e |
| MD5: | 561FA2ABB31DFA8FAB762145F81667C2 |
| SHA1: | C8CCB04EEDAC821A13FAE314A2435192860C72B8 |
| SHA-256: | DF96156F6A548FD6FE5672918DE5AE4509D3C810A57BFFD2A91DE45A3ED5B23B |
| SHA-512: | 7D960AA8E3CCE22D63A6723D7F00C195DE7DE83B877ECA126E339E2D8CC9859E813E05C5C0A5671A75BB717243E9295FD13E5E17D8C6660EB59F5BAEE63A7C43 |
| Malicious: | false |
| Antivirus: |
|
| Preview: |
| Process: | C:\Users\user\AppData\Local\Temp\is-NOUJM.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.31282.17969.tmp |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 334848 |
| Entropy (8bit): | 6.5257884005400015 |
| Encrypted: | false |
| SSDEEP: | 6144:JmuFcP82IqE5RSbvQpYVgMW2i32blpDW2pmoZ1:JmuFc02IqE7SbLVgR1O |
| MD5: | C1D465E061D7D02895DAEB19BDB28AC9 |
| SHA1: | 5E729EE51DF080545C7031D771B85094A2B2D4E9 |
| SHA-256: | 777917D30F277A9E88D8FC04E69B955A2B0BD3F2BCF2E36F7F9CFFEF2583EE60 |
| SHA-512: | 438ADAA0AC3AD47621D288E3FF56493CC7DE4E2A89FC5420E246A6045DB79E7CB84A28D3F3420841340AB33BD632F12FDC3A4E9D8EF99601CA9F975B7F8309E1 |
| Malicious: | false |
| Antivirus: |
|
| Preview: |
| Process: | C:\Users\user\AppData\Local\Temp\is-NOUJM.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.31282.17969.tmp |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 392048 |
| Entropy (8bit): | 6.542831007177094 |
| Encrypted: | false |
| SSDEEP: | 6144:1eIwnft+S34NVSTjMFR+oVbKQfbno1/1oz6i2EDSD4I+XdtQXGMiFcoOjAWcIhbl:1eIwnft+S34NVSTQD+oVbKQfrC/1ct25 |
| MD5: | EE856A00410ECED8CC609936D01F954E |
| SHA1: | 705D378626AEC86FECFDF04C86244006BC3AF431 |
| SHA-256: | B6192300D3C1476EF3C25A368D055AA401035E78F9F6DBE5F93C84D36EF1FA62 |
| SHA-512: | 666D731247DAEAE4B57925DFA8CAE845327FD34E0F6B9AAD1BCF471D1800D7E8AF5642A5FB6E0EC58BA3AC7DD98A6D3FE0B473F34C16FFB9985621C98C0463EF |
| Malicious: | true |
| Antivirus: |
|
| Preview: |
| Process: | C:\Users\user\AppData\Local\Temp\is-NOUJM.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.31282.17969.tmp |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 719720 |
| Entropy (8bit): | 6.620042925263483 |
| Encrypted: | false |
| SSDEEP: | 12288:ST+z0ucMr64M+yiwUqfWY/EThHzgOXfpwN9Cu66vLHL1e13XYFU8HtUDsMBPxtFe:FPAeKLL1e6kpqsookesEiU1xJycD4R1z |
| MD5: | 20B6B06BBD211A8ACFE51193653E4167 |
| SHA1: | 817D442B46DD6F35FD9641E0C7262C934ED76848 |
| SHA-256: | 7A16E6ED0C0A49AEB8EA4972600A7A1422C92550602A150634B1C221F79300B4 |
| SHA-512: | 0F0C31D46E7274F28F62AFBBB4A172CB088AF40F6C71A56297B08D83D16548C0A4FDA4CF5F4A29C1445EEDF15FE81FC405E2EB8680F92C744406D031A05A72C8 |
| Malicious: | true |
| Antivirus: |
|
| Preview: |
| Process: | C:\Users\user\AppData\Local\Temp\is-NOUJM.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.31282.17969.tmp |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2916352 |
| Entropy (8bit): | 6.880538788620891 |
| Encrypted: | false |
| SSDEEP: | 49152:C7ewEBX5iWVPDO1qO8QSWXSBPM3atVmtXz5Erv:FBJjO1qO8Y2PMKDmtXz |
| MD5: | 02954F8A8FAC39F93D97ECB5C850AD4E |
| SHA1: | 327EF5C35F5B13A936B4E46E5225226F38744C41 |
| SHA-256: | C6ABE012BA40C6D2A2083C6D1C28B23599E8D4E9DE1414958A710604D00B7B89 |
| SHA-512: | D992233443F3B6871E70DD7E59FDFAC3766C5C85234E392BE2F2DBC48BAC7FF3FABA7E12D0A9622455118ADAC3C75C172CF04992B86D692FD333AE2CA42C14C5 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\AppData\Local\Temp\is-NOUJM.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.31282.17969.tmp |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1471856 |
| Entropy (8bit): | 6.8308189184145665 |
| Encrypted: | false |
| SSDEEP: | 24576:6PQ+KpPa3kPjWWJy+0PX7PM6ZB9In8QmMMWwI6/I+no9R2aFVWKZxPo89/xc3lRc:brWW0jnMVpUBuwemQnGP8RqYr1mpbk3 |
| MD5: | A236287C42F921D109475D47E9DCAC2B |
| SHA1: | 6D7C177A0AC3076383669BCE46608EB4B6B787EC |
| SHA-256: | 63AA600A7C914C2D59280069169CC93E750E42C9A1146E238C9128E073D578FD |
| SHA-512: | C325B12235AD77937E3799F1406EB6AA3BC5479BFDFF0EA2F2178FE243E63689AC37BB539ADCBB326B0DE6C09B884771AD57F59184A5B69065682855382ADD8A |
| Malicious: | true |
| Antivirus: |
|
| Preview: |
| Process: | C:\Users\user\AppData\Local\Temp\is-NOUJM.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.31282.17969.tmp |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1471856 |
| Entropy (8bit): | 6.8308189184145665 |
| Encrypted: | false |
| SSDEEP: | 24576:6PQ+KpPa3kPjWWJy+0PX7PM6ZB9In8QmMMWwI6/I+no9R2aFVWKZxPo89/xc3lRc:brWW0jnMVpUBuwemQnGP8RqYr1mpbk3 |
| MD5: | A236287C42F921D109475D47E9DCAC2B |
| SHA1: | 6D7C177A0AC3076383669BCE46608EB4B6B787EC |
| SHA-256: | 63AA600A7C914C2D59280069169CC93E750E42C9A1146E238C9128E073D578FD |
| SHA-512: | C325B12235AD77937E3799F1406EB6AA3BC5479BFDFF0EA2F2178FE243E63689AC37BB539ADCBB326B0DE6C09B884771AD57F59184A5B69065682855382ADD8A |
| Malicious: | true |
| Antivirus: |
|
| Preview: |
| Process: | C:\Users\user\AppData\Local\Temp\is-NOUJM.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.31282.17969.tmp |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 719720 |
| Entropy (8bit): | 6.620042925263483 |
| Encrypted: | false |
| SSDEEP: | 12288:ST+z0ucMr64M+yiwUqfWY/EThHzgOXfpwN9Cu66vLHL1e13XYFU8HtUDsMBPxtFe:FPAeKLL1e6kpqsookesEiU1xJycD4R1z |
| MD5: | 20B6B06BBD211A8ACFE51193653E4167 |
| SHA1: | 817D442B46DD6F35FD9641E0C7262C934ED76848 |
| SHA-256: | 7A16E6ED0C0A49AEB8EA4972600A7A1422C92550602A150634B1C221F79300B4 |
| SHA-512: | 0F0C31D46E7274F28F62AFBBB4A172CB088AF40F6C71A56297B08D83D16548C0A4FDA4CF5F4A29C1445EEDF15FE81FC405E2EB8680F92C744406D031A05A72C8 |
| Malicious: | true |
| Antivirus: |
|
| Preview: |
| Process: | C:\Users\user\AppData\Local\Temp\is-NOUJM.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.31282.17969.tmp |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 499712 |
| Entropy (8bit): | 6.414789978441117 |
| Encrypted: | false |
| SSDEEP: | 12288:fJzxYPVsBnxO/R7krZhUgiW6QR7t5k3Ooc8iHkC2eq:fZxvBnxOJ7ki3Ooc8iHkC2e |
| MD5: | 561FA2ABB31DFA8FAB762145F81667C2 |
| SHA1: | C8CCB04EEDAC821A13FAE314A2435192860C72B8 |
| SHA-256: | DF96156F6A548FD6FE5672918DE5AE4509D3C810A57BFFD2A91DE45A3ED5B23B |
| SHA-512: | 7D960AA8E3CCE22D63A6723D7F00C195DE7DE83B877ECA126E339E2D8CC9859E813E05C5C0A5671A75BB717243E9295FD13E5E17D8C6660EB59F5BAEE63A7C43 |
| Malicious: | false |
| Antivirus: |
|
| Preview: |
| Process: | C:\Users\user\AppData\Local\Temp\is-NOUJM.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.31282.17969.tmp |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 348160 |
| Entropy (8bit): | 6.542655141037356 |
| Encrypted: | false |
| SSDEEP: | 6144:OcV9z83OtqxnEYmt3NEnvfF+Tbmbw6An8FMciFMNrb3YgxxpbCAOxO2ElvlE:Ooz83OtIEzW+/m/AyF7bCrO/E |
| MD5: | 86F1895AE8C5E8B17D99ECE768A70732 |
| SHA1: | D5502A1D00787D68F548DDEEBBDE1ECA5E2B38CA |
| SHA-256: | 8094AF5EE310714CAEBCCAEEE7769FFB08048503BA478B879EDFEF5F1A24FEFE |
| SHA-512: | 3B7CE2B67056B6E005472B73447D2226677A8CADAE70428873F7EFA5ED11A3B3DBF6B1A42C5B05B1F2B1D8E06FF50DFC6532F043AF8452ED87687EEFBF1791DA |
| Malicious: | false |
| Antivirus: |
|
| Preview: |
| Process: | C:\Users\user\AppData\Local\Temp\is-NOUJM.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.31282.17969.tmp |
| File Type: | |
| Category: | modified |
| Size (bytes): | 2916352 |
| Entropy (8bit): | 6.880539158757775 |
| Encrypted: | false |
| SSDEEP: | 49152:h7ewEBX5iWVPDO1qO8QSWXSBPM3atVmtXz5Erv:GBJjO1qO8Y2PMKDmtXz |
| MD5: | 31590895739E872769BF62DD513196B7 |
| SHA1: | 1289298AE75B4E4CECB57CE3C9DF018241BE1148 |
| SHA-256: | 3205C7A980AE89897423A788DB8BF2900A3311E4846C8D6A9946874400B65918 |
| SHA-512: | 1F0D4E85158180F52E6F37FEE0BA7A46EFD4CCB487A6BC23D57C00C2A6CC0111B0B7F90CBA79C01B555E5AE43251984BAE73323586A58F093ABDF43833CB0712 |
| Malicious: | true |
| Antivirus: |
|
| Preview: |
| Process: | C:\Users\user\AppData\Local\Temp\is-NOUJM.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.31282.17969.tmp |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 392048 |
| Entropy (8bit): | 6.542831007177094 |
| Encrypted: | false |
| SSDEEP: | 6144:1eIwnft+S34NVSTjMFR+oVbKQfbno1/1oz6i2EDSD4I+XdtQXGMiFcoOjAWcIhbl:1eIwnft+S34NVSTQD+oVbKQfrC/1ct25 |
| MD5: | EE856A00410ECED8CC609936D01F954E |
| SHA1: | 705D378626AEC86FECFDF04C86244006BC3AF431 |
| SHA-256: | B6192300D3C1476EF3C25A368D055AA401035E78F9F6DBE5F93C84D36EF1FA62 |
| SHA-512: | 666D731247DAEAE4B57925DFA8CAE845327FD34E0F6B9AAD1BCF471D1800D7E8AF5642A5FB6E0EC58BA3AC7DD98A6D3FE0B473F34C16FFB9985621C98C0463EF |
| Malicious: | true |
| Antivirus: |
|
| Preview: |
| Process: | C:\Users\user\AppData\Local\Temp\is-NOUJM.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.31282.17969.tmp |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 720033 |
| Entropy (8bit): | 6.522470355445484 |
| Encrypted: | false |
| SSDEEP: | 12288:sQCCh1TaLSSKrPD37zzH2A6QGgx/nstpq9KgER19zrNidb/gUHayxyFT:sQPh1eLSSKrPD37zzH2A6QD/srqggEBj |
| MD5: | BBB796D31DB8621A757501294FD8A626 |
| SHA1: | 0BDB1E67BAA8A569D8FED524B8737F522CAE5357 |
| SHA-256: | D8D0E912DE7CFED34DDD8EB282C9EF674F746109FC0C8C603884AF7B01638801 |
| SHA-512: | 613C1CECC83C196E91BC21C0475EC2B5F5B55804DFAD9D188B50A230CFD3FD68A09AF94C5C42A1579CA6BACFA101254319E9E48BD23A001515B676FD47D34E43 |
| Malicious: | true |
| Preview: |
| Process: | C:\Users\user\AppData\Local\Temp\is-NOUJM.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.31282.17969.tmp |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4401 |
| Entropy (8bit): | 4.5787073185352565 |
| Encrypted: | false |
| SSDEEP: | 96:3k8M8Wjjv88QpL0GU9vX+eOIhAxx4cVSQs0LixNI98sui:FM8Wjb87pL0zuHIhAwcVSQ1sNIlr |
| MD5: | 4A52560C14B3883487F7C5AE770C1438 |
| SHA1: | A24E083AD29AAE36D3F787085F8130F67282FAA1 |
| SHA-256: | 1FDFE68791335CB18AF5CC14EB62BC05406BF48B573DB4AC085C44DBC52E1171 |
| SHA-512: | E0A45A1924A5E12F22616D9A10266C06554F42DCD8126274B5BED30FAAA5339EC41F023DE21A05984576020DAB9DEFE44C34B2867AEC86B7CB0280CE3C4E2861 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\AppData\Local\Temp\is-NOUJM.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.31282.17969.tmp |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 720033 |
| Entropy (8bit): | 6.522470355445484 |
| Encrypted: | false |
| SSDEEP: | 12288:sQCCh1TaLSSKrPD37zzH2A6QGgx/nstpq9KgER19zrNidb/gUHayxyFT:sQPh1eLSSKrPD37zzH2A6QD/srqggEBj |
| MD5: | BBB796D31DB8621A757501294FD8A626 |
| SHA1: | 0BDB1E67BAA8A569D8FED524B8737F522CAE5357 |
| SHA-256: | D8D0E912DE7CFED34DDD8EB282C9EF674F746109FC0C8C603884AF7B01638801 |
| SHA-512: | 613C1CECC83C196E91BC21C0475EC2B5F5B55804DFAD9D188B50A230CFD3FD68A09AF94C5C42A1579CA6BACFA101254319E9E48BD23A001515B676FD47D34E43 |
| Malicious: | true |
| Preview: |
C:\Users\user\AppData\Local\Temp\is-NOUJM.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.31282.17969.tmp 
Download File
| Process: | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Crypt.31282.17969.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 708608 |
| Entropy (8bit): | 6.5141637560670596 |
| Encrypted: | false |
| SSDEEP: | 12288:UQCCh1TaLSSKrPD37zzH2A6QGgx/nstpq9KgER19zrNidb/gUHayxyF:UQPh1eLSSKrPD37zzH2A6QD/srqggEBX |
| MD5: | 5D678A5E268C0BAD90CD1584C53048AD |
| SHA1: | 41B792ED7DE224D3C2D7121C63BA1B585EBC996D |
| SHA-256: | 9E96DFF6633087E74AF0CED02E8F6E0848323335685618751A218F5486F516B2 |
| SHA-512: | C1F3AF1B7A2E73D1991E8A13C0141BF26F4EABD9A96E69E5EA937CD3BCF0B0B01658DF05E70FFB94645008CC58B2A21D3258E3A13DD87B4BAEF85269902FBA46 |
| Malicious: | true |
| Preview: |
| Process: | C:\Users\user\AppData\Local\Temp\is-NOUJM.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.31282.17969.tmp |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2560 |
| Entropy (8bit): | 2.8818118453929262 |
| Encrypted: | false |
| SSDEEP: | 24:e1GSgDIX566lIB6SXvVmMPUjvhBrDsqZ:SgDKRlVImgUNBsG |
| MD5: | A69559718AB506675E907FE49DEB71E9 |
| SHA1: | BC8F404FFDB1960B50C12FF9413C893B56F2E36F |
| SHA-256: | 2F6294F9AA09F59A574B5DCD33BE54E16B39377984F3D5658CDA44950FA0F8FC |
| SHA-512: | E52E0AA7FE3F79E36330C455D944653D449BA05B2F9ABEE0914A0910C3452CFA679A40441F9AC696B3CCF9445CBB85095747E86153402FC362BB30AC08249A63 |
| Malicious: | true |
| Antivirus: |
|
| Preview: |
| Process: | C:\Users\user\AppData\Local\Temp\is-NOUJM.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.31282.17969.tmp |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 6144 |
| Entropy (8bit): | 4.720366600008286 |
| Encrypted: | false |
| SSDEEP: | 96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0 |
| MD5: | E4211D6D009757C078A9FAC7FF4F03D4 |
| SHA1: | 019CD56BA687D39D12D4B13991C9A42EA6BA03DA |
| SHA-256: | 388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95 |
| SHA-512: | 17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E |
| Malicious: | false |
| Antivirus: |
|
| Preview: |
| Process: | C:\Users\user\AppData\Local\Temp\is-NOUJM.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.31282.17969.tmp |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 23312 |
| Entropy (8bit): | 4.596242908851566 |
| Encrypted: | false |
| SSDEEP: | 384:+Vm08QoKkiWZ76UJuP71W55iWHHoSHigH2euwsHTGHVb+VHHmnH+aHjHqLHxmoq1:2m08QotiCjJuPGw4 |
| MD5: | 92DC6EF532FBB4A5C3201469A5B5EB63 |
| SHA1: | 3E89FF837147C16B4E41C30D6C796374E0B8E62C |
| SHA-256: | 9884E9D1B4F8A873CCBD81F8AD0AE257776D2348D027D811A56475E028360D87 |
| SHA-512: | 9908E573921D5DBC3454A1C0A6C969AB8A81CC2E8B5385391D46B1A738FB06A76AA3282E0E58D0D2FFA6F27C85668CD5178E1500B8A39B1BBAE04366AE6A86D3 |
| Malicious: | false |
| Antivirus: |
|
| Preview: |
| File type: | |
| Entropy (8bit): | 7.997455626000112 |
| TrID: |
|
| File name: | SecuriteInfo.com.Trojan.Win32.Crypt.31282.17969.exe |
| File size: | 3'208'313 bytes |
| MD5: | 4e277b4187525cd19cd7269a4daf9fc1 |
| SHA1: | 611a0b0711f3850958422680b9b662466e7e800a |
| SHA256: | 733ad8a06b4d21a85c29b76af4a89b22077292903fc3df7eb052d4f2027af99f |
| SHA512: | c3f753dbdcc7c3d3caadcf04a76a07428d8d6d533463fe1088b0b9f69a6a31290f4f5bd4c4b2f2a59977fe4a89ade9323dd03ee7021031caae7def589b94ab03 |
| SSDEEP: | 98304:4a+WKrcMY3T+6xIs/GKV01lD3AjWk3yAD:porcNS6aZd3AH/D |
| TLSH: | 06E5338246A7ADB7E860DE7C29059E7C8BF75E64683F000131E9284D575F3C824ED767 |
| File Content Preview: | MZP.....................@...............................................!..L.!..This program must be run under Win32..$7....................................................................................................................................... |
 | |
| Icon Hash: | 2d2e3797b32b2b99 |
| Entrypoint: | 0x40a5f8 |
| Entrypoint Section: | CODE |
| Digitally signed: | false |
| Imagebase: | 0x400000 |
| Subsystem: | windows gui |
| Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI |
| DLL Characteristics: | TERMINAL_SERVER_AWARE |
| Time Stamp: | 0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 1 |
| OS Version Minor: | 0 |
| File Version Major: | 1 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 1 |
| Subsystem Version Minor: | 0 |
| Import Hash: | 884310b1928934402ea6fec1dbd3cf5e |
| Instruction |
|---|
| push ebp |
| mov ebp, esp |
| add esp, FFFFFFC4h |
| push ebx |
| push esi |
| push edi |
| xor eax, eax |
| mov dword ptr [ebp-10h], eax |
| mov dword ptr [ebp-24h], eax |
| call 00007F43D46080D3h |
| call 00007F43D46092DAh |
| call 00007F43D4609569h |
| call 00007F43D460960Ch |
| call 00007F43D460B5ABh |
| call 00007F43D460DF16h |
| call 00007F43D460E07Dh |
| xor eax, eax |
| push ebp |
| push 0040ACC9h |
| push dword ptr fs:[eax] |
| mov dword ptr fs:[eax], esp |
| xor edx, edx |
| push ebp |
| push 0040AC92h |
| push dword ptr fs:[edx] |
| mov dword ptr fs:[edx], esp |
| mov eax, dword ptr [0040C014h] |
| call 00007F43D460EB2Bh |
| call 00007F43D460E716h |
| cmp byte ptr [0040B234h], 00000000h |
| je 00007F43D460F60Eh |
| call 00007F43D460EC28h |
| xor eax, eax |
| call 00007F43D4608DC9h |
| lea edx, dword ptr [ebp-10h] |
| xor eax, eax |
| call 00007F43D460BBBBh |
| mov edx, dword ptr [ebp-10h] |
| mov eax, 0040CE2Ch |
| call 00007F43D460816Ah |
| push 00000002h |
| push 00000000h |
| push 00000001h |
| mov ecx, dword ptr [0040CE2Ch] |
| mov dl, 01h |
| mov eax, 0040738Ch |
| call 00007F43D460C44Ah |
| mov dword ptr [0040CE30h], eax |
| xor edx, edx |
| push ebp |
| push 0040AC4Ah |
| push dword ptr fs:[edx] |
| mov dword ptr fs:[edx], esp |
| call 00007F43D460EB86h |
| mov dword ptr [0040CE38h], eax |
| mov eax, dword ptr [0040CE38h] |
| cmp dword ptr [eax+0Ch], 00000000h |
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xd000 | 0x950 | .idata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x11000 | 0x2c00 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0xf000 | 0x18 | .rdata |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| CODE | 0x1000 | 0x9d30 | 0x9e00 | 04ffdb46e50716ec8cb7db42819802fd | False | 0.6052956882911392 | data | 6.631603395825714 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| DATA | 0xb000 | 0x250 | 0x400 | beee52f18301950f82460d9ffe5aec7e | False | 0.306640625 | data | 2.7547169534996403 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| BSS | 0xc000 | 0xe90 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .idata | 0xd000 | 0x950 | 0xa00 | bb5485bf968b970e5ea81292af2acdba | False | 0.414453125 | data | 4.430733069799036 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .tls | 0xe000 | 0x8 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rdata | 0xf000 | 0x18 | 0x200 | 9ba824905bf9c7922b6fc87a38b74366 | False | 0.052734375 | data | 0.2044881574398449 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ |
| .reloc | 0x10000 | 0x8c4 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ |
| .rsrc | 0x11000 | 0x2c00 | 0x2c00 | 01303b7659440a457f51baa61baa5400 | False | 0.3332741477272727 | data | 4.591625228547384 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0x11354 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | Dutch | Netherlands | 0.5675675675675675 |
| RT_ICON | 0x1147c | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320 | Dutch | Netherlands | 0.4486994219653179 |
| RT_ICON | 0x119e4 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | Dutch | Netherlands | 0.4637096774193548 |
| RT_ICON | 0x11ccc | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1152 | Dutch | Netherlands | 0.3935018050541516 |
| RT_STRING | 0x12574 | 0x2f2 | data | 0.35543766578249336 | ||
| RT_STRING | 0x12868 | 0x30c | data | 0.3871794871794872 | ||
| RT_STRING | 0x12b74 | 0x2ce | data | 0.42618384401114207 | ||
| RT_STRING | 0x12e44 | 0x68 | data | 0.75 | ||
| RT_STRING | 0x12eac | 0xb4 | data | 0.6277777777777778 | ||
| RT_STRING | 0x12f60 | 0xae | data | 0.5344827586206896 | ||
| RT_RCDATA | 0x13010 | 0x2c | data | 1.2045454545454546 | ||
| RT_GROUP_ICON | 0x1303c | 0x3e | data | English | United States | 0.8387096774193549 |
| RT_VERSION | 0x1307c | 0x4f4 | data | English | United States | 0.27996845425867506 |
| RT_MANIFEST | 0x13570 | 0x62c | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.4240506329113924 |
| DLL | Import |
|---|---|
| kernel32.dll | DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, WideCharToMultiByte, TlsSetValue, TlsGetValue, MultiByteToWideChar, GetModuleHandleA, GetLastError, GetCommandLineA, WriteFile, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetSystemTime, GetFileType, ExitProcess, CreateFileA, CloseHandle |
| user32.dll | MessageBoxA |
| oleaut32.dll | VariantChangeTypeEx, VariantCopyInd, VariantClear, SysStringLen, SysAllocStringLen |
| advapi32.dll | RegQueryValueExA, RegOpenKeyExA, RegCloseKey, OpenProcessToken, LookupPrivilegeValueA |
| kernel32.dll | WriteFile, VirtualQuery, VirtualProtect, VirtualFree, VirtualAlloc, Sleep, SizeofResource, SetLastError, SetFilePointer, SetErrorMode, SetEndOfFile, RemoveDirectoryA, ReadFile, LockResource, LoadResource, LoadLibraryA, IsDBCSLeadByte, GetWindowsDirectoryA, GetVersionExA, GetUserDefaultLangID, GetSystemInfo, GetSystemDefaultLCID, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetFullPathNameA, GetFileSize, GetFileAttributesA, GetExitCodeProcess, GetEnvironmentVariableA, GetCurrentProcess, GetCommandLineA, GetACP, InterlockedExchange, FormatMessageA, FindResourceA, DeleteFileA, CreateProcessA, CreateFileA, CreateDirectoryA, CloseHandle |
| user32.dll | TranslateMessage, SetWindowLongA, PeekMessageA, MsgWaitForMultipleObjects, MessageBoxA, LoadStringA, ExitWindowsEx, DispatchMessageA, DestroyWindow, CreateWindowExA, CallWindowProcA, CharPrevA |
| comctl32.dll | InitCommonControls |
| advapi32.dll | AdjustTokenPrivileges |
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| Dutch | Netherlands |  |
| English | United States |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-09-28T09:25:55.540626+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63624 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:25:55.540626+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63624 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:25:58.427061+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63624 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:25:58.427061+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63624 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:25:58.781783+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63624 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:25:58.781783+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63624 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:25:59.624548+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63628 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:25:59.624548+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63628 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:00.434553+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63629 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:00.434553+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63629 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:01.281941+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63630 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:01.281941+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63630 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:02.092723+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63631 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:02.092723+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63631 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:03.049963+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63632 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:03.049963+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63632 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:03.410859+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63632 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:03.410859+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63632 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:04.247928+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63633 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:04.247928+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63633 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:05.051376+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63634 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:05.051376+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63634 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:05.402850+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63634 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:05.402850+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63634 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:06.221287+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63635 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:06.221287+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63635 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:06.572307+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63635 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:06.572307+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63635 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:07.388696+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63636 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:07.388696+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63636 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:08.221257+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63637 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:08.221257+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63637 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:08.860198+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63637 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:08.860198+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63637 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:09.679607+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63638 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:09.679607+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63638 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:10.500217+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63639 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:10.500217+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63639 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:11.308851+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63640 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:11.308851+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63640 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:12.376602+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63641 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:12.376602+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63641 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:13.237350+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63642 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:13.237350+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63642 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:13.584649+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63642 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:13.584649+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63642 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:13.930705+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63642 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:13.930705+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63642 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:14.767368+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63643 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:14.767368+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63643 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:16.652444+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63644 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:16.652444+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63644 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:17.730814+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63645 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:17.730814+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63645 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:18.544748+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63646 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:18.544748+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63646 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:19.350971+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63647 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:19.350971+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63647 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:19.693692+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63647 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:19.693692+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63647 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:20.039696+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63647 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:20.039696+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63647 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:20.680848+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63647 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:20.680848+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63647 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:21.509099+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63648 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:21.509099+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63648 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:22.322391+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63649 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:22.322391+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63649 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:23.835727+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63650 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:23.835727+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63650 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:24.188683+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63650 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:24.188683+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63650 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:24.988129+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63651 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:24.988129+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63651 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:26.310503+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63651 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:26.310503+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63651 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:27.125276+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63652 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:27.125276+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63652 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:27.948092+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63653 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:27.948092+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63653 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:28.766691+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63654 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:28.766691+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63654 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:29.576544+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63655 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:29.576544+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63655 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:30.401804+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63656 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:30.401804+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63656 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:31.246416+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63657 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:31.246416+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63657 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:32.056708+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63658 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:32.056708+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63658 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:32.872983+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63659 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:32.872983+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63659 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:33.718827+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63660 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:33.718827+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63660 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:34.540230+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63661 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:34.540230+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63661 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:35.370223+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63662 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:35.370223+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63662 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:36.204093+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63663 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:36.204093+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63663 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:36.562402+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63663 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:36.562402+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63663 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:37.374139+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63664 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:37.374139+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63664 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:38.186075+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63665 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:38.186075+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63665 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:39.010930+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63666 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:39.010930+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63666 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:39.872727+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63667 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:39.872727+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63667 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:40.723914+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63668 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:40.723914+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63668 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:41.075276+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63668 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:41.075276+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63668 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:42.127712+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63669 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:42.127712+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63669 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:42.487985+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63669 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:42.487985+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63669 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:43.334326+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63670 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:43.334326+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63670 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:43.688516+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63670 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:43.688516+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63670 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:44.608533+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63671 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:44.608533+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63671 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:45.465389+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63672 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:45.465389+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63672 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:46.295276+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63673 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:46.295276+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63673 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:47.122375+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63674 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:47.122375+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63674 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:48.188351+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63675 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:48.188351+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63675 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:49.027064+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63676 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:49.027064+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63676 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:49.842755+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63677 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:49.842755+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63677 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:50.662820+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63678 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:50.662820+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63678 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:51.645002+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63679 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:51.645002+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63679 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:52.464837+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63680 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:52.464837+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63680 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:53.290624+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63681 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:53.290624+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63681 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:54.126585+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63682 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:54.126585+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63682 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:54.938947+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63683 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:54.938947+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63683 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:55.744507+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63684 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:55.744507+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63684 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:56.589229+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63685 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:56.589229+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63685 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:57.424641+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63686 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:57.424641+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63686 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:58.286158+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63687 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:58.286158+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63687 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:59.236495+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63688 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:26:59.236495+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63688 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:27:00.067537+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63689 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:27:00.067537+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63689 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:27:00.898430+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63690 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:27:00.898430+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63690 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:27:01.718700+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63691 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:27:01.718700+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63691 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:27:02.693859+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63692 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:27:02.693859+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63692 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:27:03.700537+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63693 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:27:03.700537+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63693 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:27:04.554380+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63694 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:27:04.554380+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63694 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:27:05.459809+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63695 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:27:05.459809+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63695 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:27:06.288510+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63696 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:27:06.288510+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63696 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:27:07.125952+0200 | 2049467 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 | 1 | 192.168.2.4 | 63697 | 185.208.158.248 | 80 | TCP |
| 2024-09-28T09:27:07.125952+0200 | 2050112 | ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 | 1 | 192.168.2.4 | 63697 | 185.208.158.248 | 80 | TCP |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Sep 28, 2024 09:25:54.807113886 CEST | 63624 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:25:54.830723047 CEST | 80 | 63624 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:25:54.830818892 CEST | 63624 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:25:54.833246946 CEST | 63624 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:25:54.844866037 CEST | 80 | 63624 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:25:55.540431023 CEST | 80 | 63624 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:25:55.540626049 CEST | 63624 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:25:55.542112112 CEST | 63625 | 2023 | 192.168.2.4 | 195.154.173.35 |
| Sep 28, 2024 09:25:55.549005985 CEST | 2023 | 63625 | 195.154.173.35 | 192.168.2.4 |
| Sep 28, 2024 09:25:55.549092054 CEST | 63625 | 2023 | 192.168.2.4 | 195.154.173.35 |
| Sep 28, 2024 09:25:55.549189091 CEST | 63625 | 2023 | 192.168.2.4 | 195.154.173.35 |
| Sep 28, 2024 09:25:55.554929972 CEST | 2023 | 63625 | 195.154.173.35 | 192.168.2.4 |
| Sep 28, 2024 09:25:55.555005074 CEST | 63625 | 2023 | 192.168.2.4 | 195.154.173.35 |
| Sep 28, 2024 09:25:55.559957027 CEST | 2023 | 63625 | 195.154.173.35 | 192.168.2.4 |
| Sep 28, 2024 09:25:56.172540903 CEST | 2023 | 63625 | 195.154.173.35 | 192.168.2.4 |
| Sep 28, 2024 09:25:56.220906019 CEST | 63625 | 2023 | 192.168.2.4 | 195.154.173.35 |
| Sep 28, 2024 09:25:58.178066015 CEST | 63624 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:25:58.183151960 CEST | 80 | 63624 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:25:58.426983118 CEST | 80 | 63624 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:25:58.427061081 CEST | 63624 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:25:58.537240982 CEST | 63624 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:25:58.542357922 CEST | 80 | 63624 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:25:58.781683922 CEST | 80 | 63624 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:25:58.781783104 CEST | 63624 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:25:58.782772064 CEST | 63627 | 2023 | 192.168.2.4 | 195.154.173.35 |
| Sep 28, 2024 09:25:58.789731026 CEST | 2023 | 63627 | 195.154.173.35 | 192.168.2.4 |
| Sep 28, 2024 09:25:58.789834023 CEST | 63627 | 2023 | 192.168.2.4 | 195.154.173.35 |
| Sep 28, 2024 09:25:58.790014029 CEST | 63627 | 2023 | 192.168.2.4 | 195.154.173.35 |
| Sep 28, 2024 09:25:58.790071011 CEST | 63627 | 2023 | 192.168.2.4 | 195.154.173.35 |
| Sep 28, 2024 09:25:58.796535969 CEST | 2023 | 63627 | 195.154.173.35 | 192.168.2.4 |
| Sep 28, 2024 09:25:58.838099957 CEST | 2023 | 63627 | 195.154.173.35 | 192.168.2.4 |
| Sep 28, 2024 09:25:58.896641016 CEST | 63624 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:25:58.897022963 CEST | 63628 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:25:58.902869940 CEST | 80 | 63628 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:25:58.902961969 CEST | 63628 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:25:58.903218031 CEST | 63628 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:25:58.903417110 CEST | 80 | 63624 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:25:58.903472900 CEST | 63624 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:25:58.909080029 CEST | 80 | 63628 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:25:59.251296043 CEST | 2023 | 63627 | 195.154.173.35 | 192.168.2.4 |
| Sep 28, 2024 09:25:59.251377106 CEST | 63627 | 2023 | 192.168.2.4 | 195.154.173.35 |
| Sep 28, 2024 09:25:59.621717930 CEST | 80 | 63628 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:25:59.624547958 CEST | 63628 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:25:59.741966963 CEST | 63628 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:25:59.742340088 CEST | 63629 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:25:59.747195005 CEST | 80 | 63628 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:25:59.747260094 CEST | 80 | 63629 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:25:59.747345924 CEST | 63628 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:25:59.747452021 CEST | 63629 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:25:59.747534990 CEST | 63629 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:25:59.752302885 CEST | 80 | 63629 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:00.434387922 CEST | 80 | 63629 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:00.434552908 CEST | 63629 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:00.586000919 CEST | 63629 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:00.586369991 CEST | 63630 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:00.591308117 CEST | 80 | 63629 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:00.591449022 CEST | 63629 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:00.591449976 CEST | 80 | 63630 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:00.591532946 CEST | 63630 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:00.591706038 CEST | 63630 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:00.596518993 CEST | 80 | 63630 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:01.281862020 CEST | 80 | 63630 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:01.281940937 CEST | 63630 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:01.398354053 CEST | 63630 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:01.398752928 CEST | 63631 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:01.406558037 CEST | 80 | 63630 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:01.406636953 CEST | 80 | 63631 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:01.406665087 CEST | 63630 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:01.406728983 CEST | 63631 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:01.406928062 CEST | 63631 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:01.414361000 CEST | 80 | 63631 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:02.092626095 CEST | 80 | 63631 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:02.092722893 CEST | 63631 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:02.210676908 CEST | 63631 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:02.211050034 CEST | 63632 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:02.215780020 CEST | 80 | 63631 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:02.215878963 CEST | 63631 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:02.215915918 CEST | 80 | 63632 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:02.216001034 CEST | 63632 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:02.216139078 CEST | 63632 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:02.221100092 CEST | 80 | 63632 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:03.049871922 CEST | 80 | 63632 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:03.049962997 CEST | 63632 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:03.163912058 CEST | 63632 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:03.168863058 CEST | 80 | 63632 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:03.410763979 CEST | 80 | 63632 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:03.410859108 CEST | 63632 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:03.533204079 CEST | 63632 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:03.533664942 CEST | 63633 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:03.538429022 CEST | 80 | 63632 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:03.538575888 CEST | 80 | 63633 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:03.538625956 CEST | 63632 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:03.538693905 CEST | 63633 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:03.538916111 CEST | 63633 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:03.543739080 CEST | 80 | 63633 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:04.247778893 CEST | 80 | 63633 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:04.247927904 CEST | 63633 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:04.364778996 CEST | 63633 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:04.365101099 CEST | 63634 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:04.370318890 CEST | 80 | 63633 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:04.370356083 CEST | 80 | 63634 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:04.370393038 CEST | 63633 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:04.370472908 CEST | 63634 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:04.370587111 CEST | 63634 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:04.375405073 CEST | 80 | 63634 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:05.051310062 CEST | 80 | 63634 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:05.051376104 CEST | 63634 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:05.161781073 CEST | 63634 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:05.166645050 CEST | 80 | 63634 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:05.402781010 CEST | 80 | 63634 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:05.402849913 CEST | 63634 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:05.521364927 CEST | 63634 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:05.521686077 CEST | 63635 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:05.526587963 CEST | 80 | 63635 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:05.526679039 CEST | 63635 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:05.526704073 CEST | 80 | 63634 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:05.526761055 CEST | 63634 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:05.526822090 CEST | 63635 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:05.531610012 CEST | 80 | 63635 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:06.221194983 CEST | 80 | 63635 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:06.221287012 CEST | 63635 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:06.334950924 CEST | 63635 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:06.339884043 CEST | 80 | 63635 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:06.572079897 CEST | 80 | 63635 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:06.572307110 CEST | 63635 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:06.695729971 CEST | 63635 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:06.696863890 CEST | 63636 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:06.700993061 CEST | 80 | 63635 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:06.701065063 CEST | 63635 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:06.701756001 CEST | 80 | 63636 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:06.701833963 CEST | 63636 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:06.701957941 CEST | 63636 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:06.706702948 CEST | 80 | 63636 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:07.388587952 CEST | 80 | 63636 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:07.388695955 CEST | 63636 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:07.515300989 CEST | 63636 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:07.515693903 CEST | 63637 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:07.521809101 CEST | 80 | 63637 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:07.521976948 CEST | 63637 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:07.522044897 CEST | 80 | 63636 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:07.522104025 CEST | 63636 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:07.522203922 CEST | 63637 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:07.527014017 CEST | 80 | 63637 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:08.221177101 CEST | 80 | 63637 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:08.221256971 CEST | 63637 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:08.333986998 CEST | 63637 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:08.338989973 CEST | 80 | 63637 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:08.860011101 CEST | 80 | 63637 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:08.860198021 CEST | 63637 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:08.860333920 CEST | 80 | 63637 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:08.860393047 CEST | 63637 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:08.981687069 CEST | 63637 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:08.981961012 CEST | 63638 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:08.986829042 CEST | 80 | 63638 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:08.986917973 CEST | 63638 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:08.986985922 CEST | 80 | 63637 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:08.987015963 CEST | 63638 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:08.987056017 CEST | 63637 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:08.991908073 CEST | 80 | 63638 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:09.679363966 CEST | 80 | 63638 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:09.679606915 CEST | 63638 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:09.804440022 CEST | 63638 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:09.804765940 CEST | 63639 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:09.809662104 CEST | 80 | 63639 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:09.809773922 CEST | 63639 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:09.809789896 CEST | 80 | 63638 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:09.809864044 CEST | 63638 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:09.809988022 CEST | 63639 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:09.814848900 CEST | 80 | 63639 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:10.499979973 CEST | 80 | 63639 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:10.500216961 CEST | 63639 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:10.615422010 CEST | 63639 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:10.615832090 CEST | 63640 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:10.621167898 CEST | 80 | 63639 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:10.621259928 CEST | 63639 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:10.621288061 CEST | 80 | 63640 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:10.621356010 CEST | 63640 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:10.621484041 CEST | 63640 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:10.627212048 CEST | 80 | 63640 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:11.308670998 CEST | 80 | 63640 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:11.308851004 CEST | 63640 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:11.427438021 CEST | 63640 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:11.427634001 CEST | 63641 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:11.682426929 CEST | 80 | 63641 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:11.682686090 CEST | 63641 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:11.682785034 CEST | 63641 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:11.683104992 CEST | 80 | 63640 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:11.683304071 CEST | 63640 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:11.687628984 CEST | 80 | 63641 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:12.376364946 CEST | 80 | 63641 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:12.376601934 CEST | 63641 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:12.540712118 CEST | 63641 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:12.544058084 CEST | 63642 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:12.546111107 CEST | 80 | 63641 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:12.546180010 CEST | 63641 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:12.548980951 CEST | 80 | 63642 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:12.549063921 CEST | 63642 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:12.551276922 CEST | 63642 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:12.559050083 CEST | 80 | 63642 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:13.237262011 CEST | 80 | 63642 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:13.237349987 CEST | 63642 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:13.349365950 CEST | 63642 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:13.354201078 CEST | 80 | 63642 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:13.584573030 CEST | 80 | 63642 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:13.584649086 CEST | 63642 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:13.693576097 CEST | 63642 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:13.698456049 CEST | 80 | 63642 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:13.929151058 CEST | 80 | 63642 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:13.930705070 CEST | 63642 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:14.052764893 CEST | 63642 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:14.053127050 CEST | 63643 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:14.058954954 CEST | 80 | 63642 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:14.059581995 CEST | 80 | 63643 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:14.059787035 CEST | 63642 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:14.059828997 CEST | 63643 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:14.059978962 CEST | 63643 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:14.067560911 CEST | 80 | 63643 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:14.767263889 CEST | 80 | 63643 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:14.767368078 CEST | 63643 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:14.880985022 CEST | 63643 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:14.881311893 CEST | 63644 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:15.189697981 CEST | 63643 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:15.799134970 CEST | 63643 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:15.877202034 CEST | 63644 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:15.932171106 CEST | 80 | 63644 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:15.932221889 CEST | 80 | 63643 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:15.932250023 CEST | 80 | 63643 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:15.932284117 CEST | 80 | 63644 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:15.932403088 CEST | 63644 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:15.932621002 CEST | 63644 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:15.933384895 CEST | 80 | 63643 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:15.933470011 CEST | 63643 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:15.937542915 CEST | 80 | 63644 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:16.652307034 CEST | 80 | 63644 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:16.652443886 CEST | 63644 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:16.771190882 CEST | 63644 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:16.771506071 CEST | 63645 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:16.776490927 CEST | 80 | 63645 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:16.776573896 CEST | 63645 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:16.776658058 CEST | 63645 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:16.776809931 CEST | 80 | 63644 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:16.776876926 CEST | 63644 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:16.781716108 CEST | 80 | 63645 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:17.730667114 CEST | 80 | 63645 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:17.730720997 CEST | 80 | 63645 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:17.730813980 CEST | 63645 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:17.730892897 CEST | 63645 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:17.853387117 CEST | 63645 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:17.853602886 CEST | 63646 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:17.858447075 CEST | 80 | 63646 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:17.858540058 CEST | 63646 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:17.858692884 CEST | 80 | 63645 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:17.858730078 CEST | 63646 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:17.858755112 CEST | 63645 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:17.863535881 CEST | 80 | 63646 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:18.544666052 CEST | 80 | 63646 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:18.544748068 CEST | 63646 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:18.661870003 CEST | 63646 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:18.662508011 CEST | 63647 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:18.667368889 CEST | 80 | 63646 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:18.667449951 CEST | 63646 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:18.667505026 CEST | 80 | 63647 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:18.667592049 CEST | 63647 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:18.667742014 CEST | 63647 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:18.672656059 CEST | 80 | 63647 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:19.350874901 CEST | 80 | 63647 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:19.350970984 CEST | 63647 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:19.458714962 CEST | 63647 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:19.463727951 CEST | 80 | 63647 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:19.693502903 CEST | 80 | 63647 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:19.693691969 CEST | 63647 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:19.804538965 CEST | 63647 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:19.809629917 CEST | 80 | 63647 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:20.039589882 CEST | 80 | 63647 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:20.039695978 CEST | 63647 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:20.146485090 CEST | 63647 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:20.439069986 CEST | 80 | 63647 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:20.680558920 CEST | 80 | 63647 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:20.680847883 CEST | 63647 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:20.811207056 CEST | 63647 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:20.811441898 CEST | 63648 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:20.816252947 CEST | 80 | 63648 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:20.816343069 CEST | 63648 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:20.816446066 CEST | 63648 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:20.816461086 CEST | 80 | 63647 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:20.816525936 CEST | 63647 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:20.821305037 CEST | 80 | 63648 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:21.508894920 CEST | 80 | 63648 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:21.509099007 CEST | 63648 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:21.630554914 CEST | 63648 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:21.630783081 CEST | 63649 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:21.635750055 CEST | 80 | 63649 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:21.635862112 CEST | 63649 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:21.635915041 CEST | 80 | 63648 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:21.636303902 CEST | 63648 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:21.636413097 CEST | 63649 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:21.641227961 CEST | 80 | 63649 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:22.322309017 CEST | 80 | 63649 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:22.322391033 CEST | 63649 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:22.443240881 CEST | 63649 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:22.443497896 CEST | 63650 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:22.448509932 CEST | 80 | 63650 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:22.448616028 CEST | 63650 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:22.448652029 CEST | 80 | 63649 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:22.448715925 CEST | 63650 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:22.448717117 CEST | 63649 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:22.453509092 CEST | 80 | 63650 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:23.835563898 CEST | 80 | 63650 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:23.835656881 CEST | 80 | 63650 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:23.835690975 CEST | 80 | 63650 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:23.835726976 CEST | 63650 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:23.835762978 CEST | 63650 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:23.945981979 CEST | 63650 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:23.950890064 CEST | 80 | 63650 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:24.188489914 CEST | 80 | 63650 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:24.188683033 CEST | 63650 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:24.302366018 CEST | 63650 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:24.302665949 CEST | 63651 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:24.307775974 CEST | 80 | 63651 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:24.307879925 CEST | 63651 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:24.307971954 CEST | 80 | 63650 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:24.308002949 CEST | 63651 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:24.308044910 CEST | 63650 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:24.312872887 CEST | 80 | 63651 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:24.988037109 CEST | 80 | 63651 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:24.988128901 CEST | 63651 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:25.099764109 CEST | 63651 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:25.408510923 CEST | 63651 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:26.017880917 CEST | 63651 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:26.076152086 CEST | 80 | 63651 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:26.076189995 CEST | 80 | 63651 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:26.076225042 CEST | 80 | 63651 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:26.310414076 CEST | 80 | 63651 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:26.310503006 CEST | 63651 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:26.427323103 CEST | 63651 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:26.427639008 CEST | 63652 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:26.432554960 CEST | 80 | 63651 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:26.432606936 CEST | 80 | 63652 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:26.432642937 CEST | 63651 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:26.432684898 CEST | 63652 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:26.432795048 CEST | 63652 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:26.437592983 CEST | 80 | 63652 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:27.125190020 CEST | 80 | 63652 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:27.125276089 CEST | 63652 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:27.240015984 CEST | 63652 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:27.240355968 CEST | 63653 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:27.245310068 CEST | 80 | 63652 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:27.245347977 CEST | 80 | 63653 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:27.245381117 CEST | 63652 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:27.245438099 CEST | 63653 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:27.245536089 CEST | 63653 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:27.250475883 CEST | 80 | 63653 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:27.947992086 CEST | 80 | 63653 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:27.948091984 CEST | 63653 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:28.068356991 CEST | 63653 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:28.068686008 CEST | 63654 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:28.075268984 CEST | 80 | 63654 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:28.075309038 CEST | 80 | 63653 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:28.075406075 CEST | 63654 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:28.075406075 CEST | 63653 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:28.075476885 CEST | 63654 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:28.083204985 CEST | 80 | 63654 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:28.766494989 CEST | 80 | 63654 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:28.766690969 CEST | 63654 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:28.880585909 CEST | 63654 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:28.880888939 CEST | 63655 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:28.885782003 CEST | 80 | 63655 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:28.885867119 CEST | 63655 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:28.885884047 CEST | 80 | 63654 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:28.885952950 CEST | 63654 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:28.886018038 CEST | 63655 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:28.890791893 CEST | 80 | 63655 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:29.576410055 CEST | 80 | 63655 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:29.576544046 CEST | 63655 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:29.693766117 CEST | 63655 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:29.694128036 CEST | 63656 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:29.699131966 CEST | 80 | 63655 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:29.699187040 CEST | 80 | 63656 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:29.699213028 CEST | 63655 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:29.699269056 CEST | 63656 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:29.699425936 CEST | 63656 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:29.704216957 CEST | 80 | 63656 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:30.401570082 CEST | 80 | 63656 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:30.401803970 CEST | 63656 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:30.521393061 CEST | 63656 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:30.521663904 CEST | 63657 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:30.526921034 CEST | 80 | 63657 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:30.526954889 CEST | 80 | 63656 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:30.527007103 CEST | 63657 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:30.527036905 CEST | 63656 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:30.527215958 CEST | 63657 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:30.532130957 CEST | 80 | 63657 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:31.246319056 CEST | 80 | 63657 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:31.246416092 CEST | 63657 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:31.370017052 CEST | 63657 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:31.370348930 CEST | 63658 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:31.375261068 CEST | 80 | 63658 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:31.375359058 CEST | 63658 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:31.375456095 CEST | 63658 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:31.375792980 CEST | 80 | 63657 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:31.375860929 CEST | 63657 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:31.380446911 CEST | 80 | 63658 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:32.056621075 CEST | 80 | 63658 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:32.056708097 CEST | 63658 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:32.179413080 CEST | 63658 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:32.179725885 CEST | 63659 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:32.184587955 CEST | 80 | 63658 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:32.184648037 CEST | 80 | 63659 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:32.184669971 CEST | 63658 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:32.184725046 CEST | 63659 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:32.184907913 CEST | 63659 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:32.189776897 CEST | 80 | 63659 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:32.872776985 CEST | 80 | 63659 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:32.872982979 CEST | 63659 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:32.991569042 CEST | 63659 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:32.991863012 CEST | 63660 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:32.999862909 CEST | 80 | 63660 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:32.999960899 CEST | 63660 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:33.000049114 CEST | 63660 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:33.007348061 CEST | 80 | 63659 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:33.007421970 CEST | 63659 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:33.007725954 CEST | 80 | 63660 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:33.717663050 CEST | 80 | 63660 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:33.718827009 CEST | 63660 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:33.833812952 CEST | 63660 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:33.834139109 CEST | 63661 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:33.839623928 CEST | 80 | 63661 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:33.840066910 CEST | 80 | 63660 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:33.840173960 CEST | 63660 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:33.840186119 CEST | 63661 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:33.840281010 CEST | 63661 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:33.846786022 CEST | 80 | 63661 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:34.540162086 CEST | 80 | 63661 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:34.540230036 CEST | 63661 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:34.661968946 CEST | 63661 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:34.662254095 CEST | 63662 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:34.667515039 CEST | 80 | 63661 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:34.667582989 CEST | 63661 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:34.667939901 CEST | 80 | 63662 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:34.668015003 CEST | 63662 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:34.668129921 CEST | 63662 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:34.673229933 CEST | 80 | 63662 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:35.370002031 CEST | 80 | 63662 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:35.370223045 CEST | 63662 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:35.490056038 CEST | 63662 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:35.490248919 CEST | 63663 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:35.495548010 CEST | 80 | 63662 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:35.495589972 CEST | 80 | 63663 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:35.495637894 CEST | 63662 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:35.495682955 CEST | 63663 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:35.495841026 CEST | 63663 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:35.500823975 CEST | 80 | 63663 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:36.203995943 CEST | 80 | 63663 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:36.204092979 CEST | 63663 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:36.318408012 CEST | 63663 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:36.327302933 CEST | 80 | 63663 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:36.562328100 CEST | 80 | 63663 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:36.562402010 CEST | 63663 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:36.677812099 CEST | 63663 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:36.678293943 CEST | 63664 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:36.683079958 CEST | 80 | 63663 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:36.683177948 CEST | 63663 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:36.683482885 CEST | 80 | 63664 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:36.683571100 CEST | 63664 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:36.683720112 CEST | 63664 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:36.688786983 CEST | 80 | 63664 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:37.374027014 CEST | 80 | 63664 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:37.374139071 CEST | 63664 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:37.490531921 CEST | 63664 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:37.490876913 CEST | 63665 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:37.495748043 CEST | 80 | 63664 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:37.495830059 CEST | 63664 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:37.496330023 CEST | 80 | 63665 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:37.496406078 CEST | 63665 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:37.496514082 CEST | 63665 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:37.501715899 CEST | 80 | 63665 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:38.185995102 CEST | 80 | 63665 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:38.186074972 CEST | 63665 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:38.303014040 CEST | 63665 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:38.303446054 CEST | 63666 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:38.309108019 CEST | 80 | 63665 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:38.309202909 CEST | 63665 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:38.309334993 CEST | 80 | 63666 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:38.309415102 CEST | 63666 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:38.309573889 CEST | 63666 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:38.314516068 CEST | 80 | 63666 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:39.010843992 CEST | 80 | 63666 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:39.010930061 CEST | 63666 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:39.135319948 CEST | 63666 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:39.135674953 CEST | 63667 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:39.140873909 CEST | 80 | 63666 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:39.140964031 CEST | 63666 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:39.141251087 CEST | 80 | 63667 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:39.141463995 CEST | 63667 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:39.141623020 CEST | 63667 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:39.146869898 CEST | 80 | 63667 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:39.872391939 CEST | 80 | 63667 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:39.872726917 CEST | 63667 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:39.990366936 CEST | 63667 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:39.990669012 CEST | 63668 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:39.995637894 CEST | 80 | 63668 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:39.995733023 CEST | 63668 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:39.995815039 CEST | 63668 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:40.001962900 CEST | 80 | 63668 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:40.003016949 CEST | 80 | 63667 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:40.003102064 CEST | 63667 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:40.723728895 CEST | 80 | 63668 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:40.723913908 CEST | 63668 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:40.834142923 CEST | 63668 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:40.839251995 CEST | 80 | 63668 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:41.075207949 CEST | 80 | 63668 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:41.075275898 CEST | 63668 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:41.194025040 CEST | 63668 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:41.194351912 CEST | 63669 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:41.199223995 CEST | 80 | 63668 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:41.199289083 CEST | 63668 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:41.199453115 CEST | 80 | 63669 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:41.199528933 CEST | 63669 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:41.199667931 CEST | 63669 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:41.420298100 CEST | 80 | 63668 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:41.420470953 CEST | 63668 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:41.420798063 CEST | 80 | 63669 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:41.425569057 CEST | 80 | 63668 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:42.127506018 CEST | 80 | 63669 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:42.127712011 CEST | 63669 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:42.244132996 CEST | 63669 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:42.251084089 CEST | 80 | 63669 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:42.487885952 CEST | 80 | 63669 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:42.487984896 CEST | 63669 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:42.599518061 CEST | 63669 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:42.600331068 CEST | 63670 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:42.605392933 CEST | 80 | 63670 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:42.605619907 CEST | 63670 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:42.605763912 CEST | 63670 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:42.606326103 CEST | 80 | 63669 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:42.606399059 CEST | 63669 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:42.610732079 CEST | 80 | 63670 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:43.334103107 CEST | 80 | 63670 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:43.334326029 CEST | 63670 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:43.443151951 CEST | 63670 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:43.449855089 CEST | 80 | 63670 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:43.688433886 CEST | 80 | 63670 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:43.688515902 CEST | 63670 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:43.861531019 CEST | 63670 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:43.862121105 CEST | 63671 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:43.872122049 CEST | 80 | 63671 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:43.872205973 CEST | 63671 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:43.872330904 CEST | 80 | 63670 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:43.872397900 CEST | 63670 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:43.874133110 CEST | 63671 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:43.879089117 CEST | 80 | 63671 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:44.608421087 CEST | 80 | 63671 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:44.608532906 CEST | 63671 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:44.731794119 CEST | 63671 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:44.732640982 CEST | 63672 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:44.737437010 CEST | 80 | 63671 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:44.737545013 CEST | 63671 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:44.738934994 CEST | 80 | 63672 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:44.739129066 CEST | 63672 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:44.739458084 CEST | 63672 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:44.745999098 CEST | 80 | 63672 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:45.465293884 CEST | 80 | 63672 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:45.465389013 CEST | 63672 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:45.590009928 CEST | 63672 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:45.590409040 CEST | 63673 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:45.595637083 CEST | 80 | 63672 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:45.595711946 CEST | 63672 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:45.596621037 CEST | 80 | 63673 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:45.596703053 CEST | 63673 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:45.596867085 CEST | 63673 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:45.601768017 CEST | 80 | 63673 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:46.295151949 CEST | 80 | 63673 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:46.295275927 CEST | 63673 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:46.412386894 CEST | 63673 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:46.412702084 CEST | 63674 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:46.418154955 CEST | 80 | 63674 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:46.418277979 CEST | 63674 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:46.418433905 CEST | 80 | 63673 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:46.418510914 CEST | 63673 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:46.418606997 CEST | 63674 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:46.423882008 CEST | 80 | 63674 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:47.121989012 CEST | 80 | 63674 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:47.122375011 CEST | 63674 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:47.240148067 CEST | 63674 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:47.240340948 CEST | 63675 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:47.476478100 CEST | 80 | 63675 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:47.476567984 CEST | 63675 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:47.476615906 CEST | 80 | 63674 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:47.476672888 CEST | 63674 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:47.476861000 CEST | 63675 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:47.482850075 CEST | 80 | 63675 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:48.188256979 CEST | 80 | 63675 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:48.188350916 CEST | 63675 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:48.304785967 CEST | 63675 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:48.305694103 CEST | 63676 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:48.335696936 CEST | 80 | 63675 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:48.335788012 CEST | 63675 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:48.336997032 CEST | 80 | 63676 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:48.337182999 CEST | 63676 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:48.337256908 CEST | 63676 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:48.342545033 CEST | 80 | 63676 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:49.026853085 CEST | 80 | 63676 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:49.027064085 CEST | 63676 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:49.148391008 CEST | 63676 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:49.148616076 CEST | 63677 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:49.153842926 CEST | 80 | 63676 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:49.153923988 CEST | 80 | 63677 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:49.153939962 CEST | 63676 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:49.154021978 CEST | 63677 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:49.154220104 CEST | 63677 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:49.159317017 CEST | 80 | 63677 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:49.842535973 CEST | 80 | 63677 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:49.842755079 CEST | 63677 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:49.961637020 CEST | 63677 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:49.962191105 CEST | 63678 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:49.967113972 CEST | 80 | 63678 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:49.967221975 CEST | 63678 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:49.967339993 CEST | 63678 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:49.967485905 CEST | 80 | 63677 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:49.967557907 CEST | 63677 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:49.972417116 CEST | 80 | 63678 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:50.662727118 CEST | 80 | 63678 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:50.662820101 CEST | 63678 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:50.904525995 CEST | 63678 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:50.908457041 CEST | 63679 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:50.909807920 CEST | 80 | 63678 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:50.909899950 CEST | 63678 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:50.913408041 CEST | 80 | 63679 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:50.913489103 CEST | 63679 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:50.916964054 CEST | 63679 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:50.921871901 CEST | 80 | 63679 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:51.644586086 CEST | 80 | 63679 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:51.645001888 CEST | 63679 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:51.772126913 CEST | 63679 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:51.772840977 CEST | 63680 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:51.777317047 CEST | 80 | 63679 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:51.777432919 CEST | 63679 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:51.777647972 CEST | 80 | 63680 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:51.777765036 CEST | 63680 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:51.778137922 CEST | 63680 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:51.783026934 CEST | 80 | 63680 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:52.464641094 CEST | 80 | 63680 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:52.464837074 CEST | 63680 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:52.599981070 CEST | 63680 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:52.600539923 CEST | 63681 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:52.605237007 CEST | 80 | 63680 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:52.605310917 CEST | 63680 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:52.605431080 CEST | 80 | 63681 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:52.605513096 CEST | 63681 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:52.605760098 CEST | 63681 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:52.610531092 CEST | 80 | 63681 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:53.290354967 CEST | 80 | 63681 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:53.290623903 CEST | 63681 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:53.415992975 CEST | 63681 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:53.416318893 CEST | 63682 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:53.421183109 CEST | 80 | 63682 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:53.421339035 CEST | 63682 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:53.421340942 CEST | 80 | 63681 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:53.421432972 CEST | 63681 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:53.421627045 CEST | 63682 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:53.426470041 CEST | 80 | 63682 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:54.126311064 CEST | 80 | 63682 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:54.126585007 CEST | 63682 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:54.242819071 CEST | 63682 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:54.243561983 CEST | 63683 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:54.248250961 CEST | 80 | 63682 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:54.248374939 CEST | 63682 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:54.248529911 CEST | 80 | 63683 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:54.248641968 CEST | 63683 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:54.249007940 CEST | 63683 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:54.253884077 CEST | 80 | 63683 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:54.936507940 CEST | 80 | 63683 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:54.938946962 CEST | 63683 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:55.053478003 CEST | 63683 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:55.053778887 CEST | 63684 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:55.058661938 CEST | 80 | 63684 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:55.058824062 CEST | 63684 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:55.058964968 CEST | 80 | 63683 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:55.059036970 CEST | 63683 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:55.059149027 CEST | 63684 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:55.064034939 CEST | 80 | 63684 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:55.744399071 CEST | 80 | 63684 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:55.744507074 CEST | 63684 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:55.867249012 CEST | 63684 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:55.867595911 CEST | 63685 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:55.872478008 CEST | 80 | 63684 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:55.872559071 CEST | 80 | 63685 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:55.872567892 CEST | 63684 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:55.872637033 CEST | 63685 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:55.872770071 CEST | 63685 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:55.879230976 CEST | 80 | 63685 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:56.589135885 CEST | 80 | 63685 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:56.589229107 CEST | 63685 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:56.709069014 CEST | 63685 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:56.709444046 CEST | 63686 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:56.714363098 CEST | 80 | 63685 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:56.714399099 CEST | 80 | 63686 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:56.714467049 CEST | 63685 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:56.714504004 CEST | 63686 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:56.714623928 CEST | 63686 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:56.719587088 CEST | 80 | 63686 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:57.424351931 CEST | 80 | 63686 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:57.424640894 CEST | 63686 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:57.541708946 CEST | 63686 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:57.542121887 CEST | 63687 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:57.547079086 CEST | 80 | 63687 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:57.547175884 CEST | 80 | 63686 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:57.547185898 CEST | 63687 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:57.547241926 CEST | 63686 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:57.547421932 CEST | 63687 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:57.552258968 CEST | 80 | 63687 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:58.286079884 CEST | 80 | 63687 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:58.286158085 CEST | 63687 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:58.399832964 CEST | 63687 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:58.400156975 CEST | 63688 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:58.405702114 CEST | 80 | 63688 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:58.405787945 CEST | 63688 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:58.405842066 CEST | 80 | 63687 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:58.405904055 CEST | 63687 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:58.406039953 CEST | 63688 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:58.411338091 CEST | 80 | 63688 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:59.236036062 CEST | 80 | 63688 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:59.236495018 CEST | 63688 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:59.351005077 CEST | 63688 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:59.351367950 CEST | 63689 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:59.356452942 CEST | 80 | 63688 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:59.356782913 CEST | 63688 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:59.356921911 CEST | 80 | 63689 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:26:59.360783100 CEST | 63689 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:59.360903978 CEST | 63689 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:26:59.366739988 CEST | 80 | 63689 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:27:00.067451000 CEST | 80 | 63689 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:27:00.067537069 CEST | 63689 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:27:00.179209948 CEST | 63689 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:27:00.179570913 CEST | 63690 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:27:00.184436083 CEST | 80 | 63690 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:27:00.184494019 CEST | 80 | 63689 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:27:00.184520006 CEST | 63690 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:27:00.184560061 CEST | 63689 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:27:00.184675932 CEST | 63690 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:27:00.189496040 CEST | 80 | 63690 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:27:00.898093939 CEST | 80 | 63690 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:27:00.898430109 CEST | 63690 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:27:01.015048027 CEST | 63690 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:27:01.015455961 CEST | 63691 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:27:01.020658970 CEST | 80 | 63691 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:27:01.020693064 CEST | 80 | 63690 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:27:01.020761013 CEST | 63691 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:27:01.020842075 CEST | 63690 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:27:01.020960093 CEST | 63691 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:27:01.025825024 CEST | 80 | 63691 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:27:01.718612909 CEST | 80 | 63691 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:27:01.718699932 CEST | 63691 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:27:01.978254080 CEST | 63691 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:27:01.978534937 CEST | 63692 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:27:01.983504057 CEST | 80 | 63692 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:27:01.983537912 CEST | 80 | 63691 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:27:01.983576059 CEST | 63692 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:27:01.983612061 CEST | 63691 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:27:01.983807087 CEST | 63692 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:27:01.988951921 CEST | 80 | 63692 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:27:02.691826105 CEST | 80 | 63692 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:27:02.693859100 CEST | 63692 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:27:02.835753918 CEST | 63692 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:27:02.836775064 CEST | 63693 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:27:02.981064081 CEST | 80 | 63693 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:27:02.981187105 CEST | 80 | 63692 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:27:02.981215000 CEST | 63693 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:27:02.981290102 CEST | 63692 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:27:02.981369972 CEST | 63693 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:27:02.986362934 CEST | 80 | 63693 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:27:03.700449944 CEST | 80 | 63693 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:27:03.700536966 CEST | 63693 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:27:03.850018024 CEST | 63693 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:27:03.850835085 CEST | 63694 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:27:03.855422020 CEST | 80 | 63693 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:27:03.855494022 CEST | 63693 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:27:03.855712891 CEST | 80 | 63694 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:27:03.855788946 CEST | 63694 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:27:03.855961084 CEST | 63694 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:27:03.860904932 CEST | 80 | 63694 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:27:04.554239035 CEST | 80 | 63694 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:27:04.554379940 CEST | 63694 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:27:04.714106083 CEST | 63694 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:27:04.714550018 CEST | 63695 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:27:04.719280005 CEST | 80 | 63694 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:27:04.719357014 CEST | 63694 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:27:04.719418049 CEST | 80 | 63695 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:27:04.719485044 CEST | 63695 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:27:04.719615936 CEST | 63695 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:27:04.724395990 CEST | 80 | 63695 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:27:05.459724903 CEST | 80 | 63695 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:27:05.459809065 CEST | 63695 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:27:05.573504925 CEST | 63695 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:27:05.573817968 CEST | 63696 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:27:05.578789949 CEST | 80 | 63696 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:27:05.578918934 CEST | 63696 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:27:05.578994036 CEST | 80 | 63695 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:27:05.579041004 CEST | 63696 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:27:05.579049110 CEST | 63695 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:27:05.583865881 CEST | 80 | 63696 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:27:06.285942078 CEST | 80 | 63696 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:27:06.288510084 CEST | 63696 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:27:06.432147026 CEST | 63696 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:27:06.432157040 CEST | 63697 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:27:06.437267065 CEST | 80 | 63697 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:27:06.437500954 CEST | 80 | 63696 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:27:06.437627077 CEST | 63696 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:27:06.437632084 CEST | 63697 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:27:06.437750101 CEST | 63697 | 80 | 192.168.2.4 | 185.208.158.248 |
| Sep 28, 2024 09:27:06.442532063 CEST | 80 | 63697 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:27:07.125874043 CEST | 80 | 63697 | 185.208.158.248 | 192.168.2.4 |
| Sep 28, 2024 09:27:07.125952005 CEST | 63697 | 80 | 192.168.2.4 | 185.208.158.248 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Sep 28, 2024 09:25:21.493808985 CEST | 53 | 50769 | 1.1.1.1 | 192.168.2.4 |
| Sep 28, 2024 09:25:54.495637894 CEST | 61464 | 53 | 192.168.2.4 | 45.155.250.90 |
| Sep 28, 2024 09:25:54.748558044 CEST | 53 | 61464 | 45.155.250.90 | 192.168.2.4 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Sep 28, 2024 09:25:54.495637894 CEST | 192.168.2.4 | 45.155.250.90 | 0x5742 | Standard query (0) | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Sep 28, 2024 09:25:54.748558044 CEST | 45.155.250.90 | 192.168.2.4 | 0x5742 | No error (0) | 185.208.158.248 | A (IP address) | IN (0x0001) | false |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.4 | 63624 | 185.208.158.248 | 80 | 7572 | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 28, 2024 09:25:54.833246946 CEST | 319 | OUT | |
| Sep 28, 2024 09:25:55.540431023 CEST | 1044 | IN | |
| Sep 28, 2024 09:25:58.178066015 CEST | 327 | OUT | |
| Sep 28, 2024 09:25:58.426983118 CEST | 220 | IN | |
| Sep 28, 2024 09:25:58.537240982 CEST | 327 | OUT | |
| Sep 28, 2024 09:25:58.781683922 CEST | 900 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.4 | 63628 | 185.208.158.248 | 80 | 7572 | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 28, 2024 09:25:58.903218031 CEST | 327 | OUT | |
| Sep 28, 2024 09:25:59.621717930 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 2 | 192.168.2.4 | 63629 | 185.208.158.248 | 80 | 7572 | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 28, 2024 09:25:59.747534990 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:00.434387922 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 3 | 192.168.2.4 | 63630 | 185.208.158.248 | 80 | 7572 | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 28, 2024 09:26:00.591706038 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:01.281862020 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 4 | 192.168.2.4 | 63631 | 185.208.158.248 | 80 | 7572 | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 28, 2024 09:26:01.406928062 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:02.092626095 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 5 | 192.168.2.4 | 63632 | 185.208.158.248 | 80 | 7572 | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 28, 2024 09:26:02.216139078 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:03.049871922 CEST | 220 | IN | |
| Sep 28, 2024 09:26:03.163912058 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:03.410763979 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 6 | 192.168.2.4 | 63633 | 185.208.158.248 | 80 | 7572 | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 28, 2024 09:26:03.538916111 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:04.247778893 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 7 | 192.168.2.4 | 63634 | 185.208.158.248 | 80 | 7572 | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 28, 2024 09:26:04.370587111 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:05.051310062 CEST | 220 | IN | |
| Sep 28, 2024 09:26:05.161781073 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:05.402781010 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 8 | 192.168.2.4 | 63635 | 185.208.158.248 | 80 | 7572 | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 28, 2024 09:26:05.526822090 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:06.221194983 CEST | 220 | IN | |
| Sep 28, 2024 09:26:06.334950924 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:06.572079897 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 9 | 192.168.2.4 | 63636 | 185.208.158.248 | 80 | 7572 | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 28, 2024 09:26:06.701957941 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:07.388587952 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 10 | 192.168.2.4 | 63637 | 185.208.158.248 | 80 | 7572 | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 28, 2024 09:26:07.522203922 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:08.221177101 CEST | 220 | IN | |
| Sep 28, 2024 09:26:08.333986998 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:08.860011101 CEST | 220 | IN | |
| Sep 28, 2024 09:26:08.860333920 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 11 | 192.168.2.4 | 63638 | 185.208.158.248 | 80 | 7572 | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 28, 2024 09:26:08.987015963 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:09.679363966 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 12 | 192.168.2.4 | 63639 | 185.208.158.248 | 80 | 7572 | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 28, 2024 09:26:09.809988022 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:10.499979973 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 13 | 192.168.2.4 | 63640 | 185.208.158.248 | 80 | 7572 | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 28, 2024 09:26:10.621484041 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:11.308670998 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 14 | 192.168.2.4 | 63641 | 185.208.158.248 | 80 | 7572 | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 28, 2024 09:26:11.682785034 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:12.376364946 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 15 | 192.168.2.4 | 63642 | 185.208.158.248 | 80 | 7572 | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 28, 2024 09:26:12.551276922 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:13.237262011 CEST | 220 | IN | |
| Sep 28, 2024 09:26:13.349365950 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:13.584573030 CEST | 220 | IN | |
| Sep 28, 2024 09:26:13.693576097 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:13.929151058 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 16 | 192.168.2.4 | 63643 | 185.208.158.248 | 80 | 7572 | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 28, 2024 09:26:14.059978962 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:14.767263889 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 17 | 192.168.2.4 | 63644 | 185.208.158.248 | 80 | 7572 | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 28, 2024 09:26:15.932621002 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:16.652307034 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 18 | 192.168.2.4 | 63645 | 185.208.158.248 | 80 | 7572 | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 28, 2024 09:26:16.776658058 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:17.730667114 CEST | 220 | IN | |
| Sep 28, 2024 09:26:17.730720997 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 19 | 192.168.2.4 | 63646 | 185.208.158.248 | 80 | 7572 | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 28, 2024 09:26:17.858730078 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:18.544666052 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 20 | 192.168.2.4 | 63647 | 185.208.158.248 | 80 | 7572 | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 28, 2024 09:26:18.667742014 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:19.350874901 CEST | 220 | IN | |
| Sep 28, 2024 09:26:19.458714962 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:19.693502903 CEST | 220 | IN | |
| Sep 28, 2024 09:26:19.804538965 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:20.039589882 CEST | 220 | IN | |
| Sep 28, 2024 09:26:20.146485090 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:20.680558920 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 21 | 192.168.2.4 | 63648 | 185.208.158.248 | 80 | 7572 | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 28, 2024 09:26:20.816446066 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:21.508894920 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 22 | 192.168.2.4 | 63649 | 185.208.158.248 | 80 | 7572 | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 28, 2024 09:26:21.636413097 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:22.322309017 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 23 | 192.168.2.4 | 63650 | 185.208.158.248 | 80 | 7572 | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 28, 2024 09:26:22.448715925 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:23.835563898 CEST | 220 | IN | |
| Sep 28, 2024 09:26:23.835656881 CEST | 220 | IN | |
| Sep 28, 2024 09:26:23.835690975 CEST | 220 | IN | |
| Sep 28, 2024 09:26:23.945981979 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:24.188489914 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 24 | 192.168.2.4 | 63651 | 185.208.158.248 | 80 | 7572 | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 28, 2024 09:26:24.308002949 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:24.988037109 CEST | 220 | IN | |
| Sep 28, 2024 09:26:25.099764109 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:25.408510923 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:26.017880917 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:26.310414076 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 25 | 192.168.2.4 | 63652 | 185.208.158.248 | 80 | 7572 | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 28, 2024 09:26:26.432795048 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:27.125190020 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 26 | 192.168.2.4 | 63653 | 185.208.158.248 | 80 | 7572 | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 28, 2024 09:26:27.245536089 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:27.947992086 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 27 | 192.168.2.4 | 63654 | 185.208.158.248 | 80 | 7572 | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 28, 2024 09:26:28.075476885 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:28.766494989 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 28 | 192.168.2.4 | 63655 | 185.208.158.248 | 80 | 7572 | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 28, 2024 09:26:28.886018038 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:29.576410055 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 29 | 192.168.2.4 | 63656 | 185.208.158.248 | 80 | 7572 | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 28, 2024 09:26:29.699425936 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:30.401570082 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 30 | 192.168.2.4 | 63657 | 185.208.158.248 | 80 | 7572 | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 28, 2024 09:26:30.527215958 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:31.246319056 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 31 | 192.168.2.4 | 63658 | 185.208.158.248 | 80 | 7572 | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 28, 2024 09:26:31.375456095 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:32.056621075 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 32 | 192.168.2.4 | 63659 | 185.208.158.248 | 80 | 7572 | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 28, 2024 09:26:32.184907913 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:32.872776985 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 33 | 192.168.2.4 | 63660 | 185.208.158.248 | 80 | 7572 | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 28, 2024 09:26:33.000049114 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:33.717663050 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 34 | 192.168.2.4 | 63661 | 185.208.158.248 | 80 | 7572 | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 28, 2024 09:26:33.840281010 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:34.540162086 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 35 | 192.168.2.4 | 63662 | 185.208.158.248 | 80 | 7572 | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 28, 2024 09:26:34.668129921 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:35.370002031 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 36 | 192.168.2.4 | 63663 | 185.208.158.248 | 80 | 7572 | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 28, 2024 09:26:35.495841026 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:36.203995943 CEST | 220 | IN | |
| Sep 28, 2024 09:26:36.318408012 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:36.562328100 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 37 | 192.168.2.4 | 63664 | 185.208.158.248 | 80 | 7572 | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 28, 2024 09:26:36.683720112 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:37.374027014 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 38 | 192.168.2.4 | 63665 | 185.208.158.248 | 80 | 7572 | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 28, 2024 09:26:37.496514082 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:38.185995102 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 39 | 192.168.2.4 | 63666 | 185.208.158.248 | 80 | 7572 | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 28, 2024 09:26:38.309573889 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:39.010843992 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 40 | 192.168.2.4 | 63667 | 185.208.158.248 | 80 | 7572 | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 28, 2024 09:26:39.141623020 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:39.872391939 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 41 | 192.168.2.4 | 63668 | 185.208.158.248 | 80 | 7572 | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 28, 2024 09:26:39.995815039 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:40.723728895 CEST | 220 | IN | |
| Sep 28, 2024 09:26:40.834142923 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:41.075207949 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 42 | 192.168.2.4 | 63669 | 185.208.158.248 | 80 | 7572 | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 28, 2024 09:26:41.199667931 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:42.127506018 CEST | 220 | IN | |
| Sep 28, 2024 09:26:42.244132996 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:42.487885952 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 43 | 192.168.2.4 | 63670 | 185.208.158.248 | 80 | 7572 | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 28, 2024 09:26:42.605763912 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:43.334103107 CEST | 220 | IN | |
| Sep 28, 2024 09:26:43.443151951 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:43.688433886 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 44 | 192.168.2.4 | 63671 | 185.208.158.248 | 80 | 7572 | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 28, 2024 09:26:43.874133110 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:44.608421087 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 45 | 192.168.2.4 | 63672 | 185.208.158.248 | 80 | 7572 | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 28, 2024 09:26:44.739458084 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:45.465293884 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 46 | 192.168.2.4 | 63673 | 185.208.158.248 | 80 | 7572 | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 28, 2024 09:26:45.596867085 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:46.295151949 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 47 | 192.168.2.4 | 63674 | 185.208.158.248 | 80 | 7572 | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 28, 2024 09:26:46.418606997 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:47.121989012 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 48 | 192.168.2.4 | 63675 | 185.208.158.248 | 80 | 7572 | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 28, 2024 09:26:47.476861000 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:48.188256979 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 49 | 192.168.2.4 | 63676 | 185.208.158.248 | 80 | 7572 | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 28, 2024 09:26:48.337256908 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:49.026853085 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 50 | 192.168.2.4 | 63677 | 185.208.158.248 | 80 | 7572 | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 28, 2024 09:26:49.154220104 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:49.842535973 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 51 | 192.168.2.4 | 63678 | 185.208.158.248 | 80 | 7572 | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 28, 2024 09:26:49.967339993 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:50.662727118 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 52 | 192.168.2.4 | 63679 | 185.208.158.248 | 80 | 7572 | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 28, 2024 09:26:50.916964054 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:51.644586086 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 53 | 192.168.2.4 | 63680 | 185.208.158.248 | 80 | 7572 | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 28, 2024 09:26:51.778137922 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:52.464641094 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 54 | 192.168.2.4 | 63681 | 185.208.158.248 | 80 | 7572 | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 28, 2024 09:26:52.605760098 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:53.290354967 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 55 | 192.168.2.4 | 63682 | 185.208.158.248 | 80 | 7572 | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 28, 2024 09:26:53.421627045 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:54.126311064 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 56 | 192.168.2.4 | 63683 | 185.208.158.248 | 80 | 7572 | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 28, 2024 09:26:54.249007940 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:54.936507940 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 57 | 192.168.2.4 | 63684 | 185.208.158.248 | 80 | 7572 | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 28, 2024 09:26:55.059149027 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:55.744399071 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 58 | 192.168.2.4 | 63685 | 185.208.158.248 | 80 | 7572 | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 28, 2024 09:26:55.872770071 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:56.589135885 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 59 | 192.168.2.4 | 63686 | 185.208.158.248 | 80 | 7572 | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 28, 2024 09:26:56.714623928 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:57.424351931 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 60 | 192.168.2.4 | 63687 | 185.208.158.248 | 80 | 7572 | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 28, 2024 09:26:57.547421932 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:58.286079884 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 61 | 192.168.2.4 | 63688 | 185.208.158.248 | 80 | 7572 | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 28, 2024 09:26:58.406039953 CEST | 327 | OUT | |
| Sep 28, 2024 09:26:59.236036062 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 62 | 192.168.2.4 | 63689 | 185.208.158.248 | 80 | 7572 | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 28, 2024 09:26:59.360903978 CEST | 327 | OUT | |
| Sep 28, 2024 09:27:00.067451000 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 63 | 192.168.2.4 | 63690 | 185.208.158.248 | 80 | 7572 | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 28, 2024 09:27:00.184675932 CEST | 327 | OUT | |
| Sep 28, 2024 09:27:00.898093939 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 64 | 192.168.2.4 | 63691 | 185.208.158.248 | 80 | 7572 | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 28, 2024 09:27:01.020960093 CEST | 327 | OUT | |
| Sep 28, 2024 09:27:01.718612909 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 65 | 192.168.2.4 | 63692 | 185.208.158.248 | 80 | 7572 | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 28, 2024 09:27:01.983807087 CEST | 327 | OUT | |
| Sep 28, 2024 09:27:02.691826105 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 66 | 192.168.2.4 | 63693 | 185.208.158.248 | 80 | 7572 | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 28, 2024 09:27:02.981369972 CEST | 327 | OUT | |
| Sep 28, 2024 09:27:03.700449944 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 67 | 192.168.2.4 | 63694 | 185.208.158.248 | 80 | 7572 | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 28, 2024 09:27:03.855961084 CEST | 327 | OUT | |
| Sep 28, 2024 09:27:04.554239035 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 68 | 192.168.2.4 | 63695 | 185.208.158.248 | 80 | 7572 | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 28, 2024 09:27:04.719615936 CEST | 327 | OUT | |
| Sep 28, 2024 09:27:05.459724903 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 69 | 192.168.2.4 | 63696 | 185.208.158.248 | 80 | 7572 | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 28, 2024 09:27:05.579041004 CEST | 327 | OUT | |
| Sep 28, 2024 09:27:06.285942078 CEST | 220 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 70 | 192.168.2.4 | 63697 | 185.208.158.248 | 80 | 7572 | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Sep 28, 2024 09:27:06.437750101 CEST | 327 | OUT | |
| Sep 28, 2024 09:27:07.125874043 CEST | 220 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 03:24:59 |
| Start date: | 28/09/2024 |
| Path: | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Crypt.31282.17969.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x400000 |
| File size: | 3'208'313 bytes |
| MD5 hash: | 4E277B4187525CD19CD7269A4DAF9FC1 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | low |
| Has exited: | false |
| Target ID: | 1 |
| Start time: | 03:25:00 |
| Start date: | 28/09/2024 |
| Path: | C:\Users\user\AppData\Local\Temp\is-NOUJM.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.31282.17969.tmp |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x400000 |
| File size: | 708'608 bytes |
| MD5 hash: | 5D678A5E268C0BAD90CD1584C53048AD |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | low |
| Has exited: | false |
| Target ID: | 2 |
| Start time: | 03:25:01 |
| Start date: | 28/09/2024 |
| Path: | C:\Users\user\AppData\Local\Play Glock\playglock.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x400000 |
| File size: | 2'916'352 bytes |
| MD5 hash: | 31590895739E872769BF62DD513196B7 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Antivirus matches: |
|
| Reputation: | low |
| Has exited: | false |
Execution Graph
| Execution Coverage: | 21.5% |
| Dynamic/Decrypted Code Coverage: | 0% |
| Signature Coverage: | 2.4% |
| Total number of Nodes: | 1520 |
| Total number of Limit Nodes: | 22 |
Graph
Function 00409B78 Relevance: 7.6, APIs: 5, Instructions: 78memoryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040520C Relevance: 1.5, APIs: 1, Instructions: 29COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040457C Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 27libraryloaderCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004090A4 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 46libraryloaderCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004099EC Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 77processCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401918 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 48memoryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040A814 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 117windowCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040A82F Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 113windowCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00407749 Relevance: 3.3, APIs: 2, Instructions: 284fileCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401FD4 Relevance: 3.1, APIs: 2, Instructions: 122COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406FA0 Relevance: 3.0, APIs: 2, Instructions: 33libraryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040766C Relevance: 3.0, APIs: 2, Instructions: 30COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040762C Relevance: 3.0, APIs: 2, Instructions: 30fileCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004075C4 Relevance: 3.0, APIs: 2, Instructions: 24COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401430 Relevance: 2.5, APIs: 2, Instructions: 37memoryCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405280 Relevance: 1.6, APIs: 1, Instructions: 99COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00407576 Relevance: 1.5, APIs: 1, Instructions: 30fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00407578 Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004069DC Relevance: 1.5, APIs: 1, Instructions: 29COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004076C8 Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00407284 Relevance: 1.5, APIs: 1, Instructions: 28windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004076AC Relevance: 1.5, APIs: 1, Instructions: 11fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406FFB Relevance: 1.5, APIs: 1, Instructions: 10COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00407017 Relevance: 1.5, APIs: 1, Instructions: 5COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406970 Relevance: 1.5, APIs: 1, Instructions: 4COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00407F10 Relevance: 1.3, APIs: 1, Instructions: 62memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401658 Relevance: 1.3, APIs: 1, Instructions: 48COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00407548 Relevance: 1.3, APIs: 1, Instructions: 20COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00407EB8 Relevance: 1.3, APIs: 1, Instructions: 15COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00409448 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 41shutdownCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00409C34 Relevance: 6.0, APIs: 4, Instructions: 31COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405258 Relevance: 1.5, APIs: 1, Instructions: 23COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004026C4 Relevance: 1.5, APIs: 1, Instructions: 20timeCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405CF4 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040840C Relevance: .5, Instructions: 545COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00407024 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 86registrylibraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00403A97 Relevance: 15.1, APIs: 10, Instructions: 122fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00403D02 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 72windowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004036B8 Relevance: 7.6, APIs: 5, Instructions: 55memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406E10 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 113registryCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00409C88 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 30windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004094D8 Relevance: 5.0, APIs: 4, Instructions: 45sleepCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Execution Graph
| Execution Coverage: | 15.9% |
| Dynamic/Decrypted Code Coverage: | 0% |
| Signature Coverage: | 4.2% |
| Total number of Nodes: | 2000 |
| Total number of Limit Nodes: | 63 |
Graph
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042E0AC Relevance: 31.7, APIs: 16, Strings: 2, Instructions: 178memorylibraryloaderCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00450334 Relevance: 26.3, APIs: 8, Strings: 7, Instructions: 45libraryloaderCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00423C1C Relevance: 21.4, APIs: 14, Instructions: 395COMMON
Download Yara Rule
Control-flow Graph
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0046744C Relevance: 13.9, APIs: 4, Strings: 3, Instructions: 1656windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00452AD4 Relevance: 3.0, APIs: 2, Instructions: 45fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0046E1E4 Relevance: 3.0, APIs: 2, Instructions: 28comCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00408578 Relevance: 1.5, APIs: 1, Instructions: 29COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00423B94 Relevance: 1.5, APIs: 1, Instructions: 24nativeCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00455644 Relevance: 1.5, APIs: 1, Instructions: 20COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042F594 Relevance: 1.5, APIs: 1, Instructions: 17nativeCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0046F250 Relevance: 72.2, APIs: 1, Strings: 40, Instructions: 500registryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00492DEC Relevance: 56.4, APIs: 16, Strings: 16, Instructions: 431sleepCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00483F60 Relevance: 26.3, APIs: 9, Strings: 6, Instructions: 68libraryloaderCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00468E4C Relevance: 24.7, APIs: 1, Strings: 13, Instructions: 155registryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0047D2FC Relevance: 15.8, APIs: 1, Strings: 8, Instructions: 95libraryloaderCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040632C Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 27libraryloaderCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042F5D4 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 90windowregistryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00453264 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 46libraryloaderCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00467228 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 141windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004309B4 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 23registryclipboardthreadCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042369C Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 96windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00418F48 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 55threadCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041364C Relevance: 9.1, APIs: 6, Instructions: 60COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00455780 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 142registryCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042DE54 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 32registrylibraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00454E48 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 102libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042ED48 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 55libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00455AB8 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 41registryCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00472350 Relevance: 6.3, APIs: 4, Instructions: 272fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0048017C Relevance: 6.1, APIs: 4, Instructions: 147fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00421284 Relevance: 6.1, APIs: 4, Instructions: 127windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00416B52 Relevance: 6.1, APIs: 4, Instructions: 67windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004230D8 Relevance: 6.1, APIs: 4, Instructions: 54COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0048446C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 68libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0047CA5C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0046F03C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0045715C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 11libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0046CEF0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 8libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00482160 Relevance: 4.6, APIs: 3, Instructions: 98windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0044B400 Relevance: 4.6, APIs: 3, Instructions: 74COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0044B134 Relevance: 4.6, APIs: 3, Instructions: 72COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042440C Relevance: 4.6, APIs: 3, Instructions: 59windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00416654 Relevance: 4.5, APIs: 3, Instructions: 39COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041EE64 Relevance: 4.5, APIs: 3, Instructions: 27windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0047C978 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 39registryCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0046F0AC Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042DE2C Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 18registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0047E8F8 Relevance: 3.2, APIs: 2, Instructions: 160windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0045285C Relevance: 3.1, APIs: 2, Instructions: 60processCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040ADE8 Relevance: 3.1, APIs: 2, Instructions: 51COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041EEB4 Relevance: 3.0, APIs: 2, Instructions: 49threadCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00452CF4 Relevance: 3.0, APIs: 2, Instructions: 48fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004527E4 Relevance: 3.0, APIs: 2, Instructions: 43COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042324C Relevance: 3.0, APIs: 2, Instructions: 35COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042E3A4 Relevance: 3.0, APIs: 2, Instructions: 33libraryCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0047CD0F Relevance: 3.0, APIs: 2, Instructions: 26COMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0045096C Relevance: 3.0, APIs: 2, Instructions: 22COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040626C Relevance: 3.0, APIs: 2, Instructions: 6memoryCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004014E4 Relevance: 2.5, APIs: 2, Instructions: 37memoryCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004085EC Relevance: 1.6, APIs: 1, Instructions: 99COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041FBAC Relevance: 1.6, APIs: 1, Instructions: 65COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0046C550 Relevance: 1.5, APIs: 1, Instructions: 37COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00441408 Relevance: 1.5, APIs: 1, Instructions: 36fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00416560 Relevance: 1.5, APIs: 1, Instructions: 32COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004149C4 Relevance: 1.5, APIs: 1, Instructions: 31COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00450838 Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042CCDC Relevance: 1.5, APIs: 1, Instructions: 29COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042E8D8 Relevance: 1.5, APIs: 1, Instructions: 28windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041AF80 Relevance: 1.5, APIs: 1, Instructions: 28COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004062F8 Relevance: 1.5, APIs: 1, Instructions: 27COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00454C6C Relevance: 1.5, APIs: 1, Instructions: 25COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041468C Relevance: 1.5, APIs: 1, Instructions: 23COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406F20 Relevance: 1.5, APIs: 1, Instructions: 23fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042365C Relevance: 1.5, APIs: 1, Instructions: 22COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004242D4 Relevance: 1.5, APIs: 1, Instructions: 21COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00466BE8 Relevance: 1.5, APIs: 1, Instructions: 16COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042CD34 Relevance: 1.5, APIs: 1, Instructions: 16COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406ED0 Relevance: 1.5, APIs: 1, Instructions: 14fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004509A0 Relevance: 1.5, APIs: 1, Instructions: 11fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004072B8 Relevance: 1.5, APIs: 1, Instructions: 11COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042E3FF Relevance: 1.5, APIs: 1, Instructions: 10COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004165FC Relevance: 1.5, APIs: 1, Instructions: 4COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0044879C Relevance: 1.4, APIs: 1, Instructions: 158COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0047E21C Relevance: 1.4, APIs: 1, Instructions: 157COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041F3D4 Relevance: 1.3, APIs: 1, Instructions: 52memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00453038 Relevance: 1.3, APIs: 1, Instructions: 48COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040170C Relevance: 1.3, APIs: 1, Instructions: 48COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401340 Relevance: 1.3, APIs: 1, Instructions: 34memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406F58 Relevance: 1.3, APIs: 1, Instructions: 3COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041F128 Relevance: 45.6, APIs: 15, Strings: 11, Instructions: 87libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00458670 Relevance: 40.4, APIs: 11, Strings: 12, Instructions: 186pipeprocessfileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00418394 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 58windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0045568C Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 41shutdownCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0045D230 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 34libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0049877C Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 90fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0045763C Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 241windownativeCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00455EB4 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 112libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00417CE0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 76windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00464200 Relevance: 7.6, APIs: 5, Instructions: 129fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00463D84 Relevance: 7.6, APIs: 5, Instructions: 129fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042E944 Relevance: 7.6, APIs: 5, Instructions: 50fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00483E20 Relevance: 6.0, APIs: 4, Instructions: 47windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004627F8 Relevance: 4.6, APIs: 3, Instructions: 67fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004241EC Relevance: 4.5, APIs: 3, Instructions: 32windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00417CDE Relevance: 3.0, APIs: 2, Instructions: 49windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004175A8 Relevance: 3.0, APIs: 2, Instructions: 44windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004241A4 Relevance: 3.0, APIs: 2, Instructions: 22windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004125E8 Relevance: 1.7, APIs: 1, Instructions: 188nativeCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00478EFC Relevance: 1.6, APIs: 1, Instructions: 107nativeCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0045D2E4 Relevance: 1.5, APIs: 1, Instructions: 12COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0045D2FC Relevance: 1.5, APIs: 1, Instructions: 6COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 10001130 Relevance: .1, Instructions: 55COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 10001000 Relevance: .0, Instructions: 2COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0044B6CC Relevance: 166.5, APIs: 48, Strings: 47, Instructions: 252libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004566E0 Relevance: 26.6, APIs: 4, Strings: 11, Instructions: 310comCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00498AA8 Relevance: 23.0, APIs: 7, Strings: 6, Instructions: 251synchronizationCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0045CC68 Relevance: 22.9, APIs: 8, Strings: 5, Instructions: 182libraryloadermemoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004548E8 Relevance: 19.5, APIs: 7, Strings: 4, Instructions: 244registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00459500 Relevance: 19.4, APIs: 3, Strings: 8, Instructions: 165registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00458AEC Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 70sleepsynchronizationCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0045459C Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 228registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00497328 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 141fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00462A98 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 82libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042F1E8 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 82libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00458CC4 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 127pipeCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00456DC8 Relevance: 15.8, APIs: 3, Strings: 6, Instructions: 99libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042E428 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 86registrylibraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404ABF Relevance: 15.1, APIs: 10, Instructions: 122fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00481D38 Relevance: 14.2, APIs: 3, Strings: 5, Instructions: 175windowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0045D35C Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 41libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0044D1EC Relevance: 13.6, APIs: 9, Instructions: 90COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00496BCC Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 90sleepsynchronizationthreadCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004703F4 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 89registrywindowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00462ED8 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 75windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004787AC Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 66libraryfileloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00429490 Relevance: 12.1, APIs: 8, Instructions: 62COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041DE34 Relevance: 12.1, APIs: 8, Instructions: 60windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0047708C Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 200windowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00411704 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 158windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00457384 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 103windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0046B520 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 99sleepCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004780A8 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 92windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0045982C Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 86libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041C158 Relevance: 10.6, APIs: 7, Instructions: 70windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00418C64 Relevance: 10.6, APIs: 7, Instructions: 67COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00484150 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 61registryCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041B472 Relevance: 10.6, APIs: 7, Instructions: 57windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00495A04 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 47libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0045D730 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 33libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042EA2C Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 30libraryloaderwindowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0044C850 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 28libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0047905C Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 14libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041B67C Relevance: 9.1, APIs: 6, Instructions: 144windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041B94C Relevance: 9.1, APIs: 6, Instructions: 142windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041B518 Relevance: 9.1, APIs: 6, Instructions: 113windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041BD9C Relevance: 9.1, APIs: 6, Instructions: 71COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401A90 Relevance: 9.1, APIs: 6, Instructions: 59COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0047EBDC Relevance: 9.1, APIs: 6, Instructions: 57COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041B280 Relevance: 9.0, APIs: 6, Instructions: 43COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042EAB8 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 49libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042E9BC Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 20libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00477FD0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderthreadCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00416C3C Relevance: 7.6, APIs: 5, Instructions: 104COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00414810 Relevance: 7.6, APIs: 5, Instructions: 102COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004297DC Relevance: 7.6, APIs: 5, Instructions: 83windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041BBC8 Relevance: 7.6, APIs: 5, Instructions: 83windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00403CA4 Relevance: 7.6, APIs: 5, Instructions: 55memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004143F0 Relevance: 7.6, APIs: 5, Instructions: 51windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406FB4 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 156shareCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00453930 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 100fileCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00416420 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 89registryCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404D2A Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 72windowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00456CA4 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 65registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004571FC Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 60windowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00478B28 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 55windowkeyboardCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004840A8 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 39registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0045940C Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 39registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042D900 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 27libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042EB64 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 23libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0044F7B8 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 16libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00499040 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 9libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0046469C Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 8libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0047DB00 Relevance: 6.2, APIs: 4, Instructions: 195fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00413D08 Relevance: 6.1, APIs: 4, Instructions: 107COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00408A64 Relevance: 6.1, APIs: 4, Instructions: 95windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0044E938 Relevance: 6.1, APIs: 4, Instructions: 83windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00495FFC Relevance: 6.1, APIs: 4, Instructions: 81COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00417228 Relevance: 6.1, APIs: 4, Instructions: 72COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00495CB4 Relevance: 6.1, APIs: 4, Instructions: 59COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00454FF0 Relevance: 6.1, APIs: 4, Instructions: 54COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040D020 Relevance: 6.1, APIs: 4, Instructions: 51COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004019CC Relevance: 6.0, APIs: 4, Instructions: 48memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0047D1CC Relevance: 6.0, APIs: 4, Instructions: 35sleepCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00478640 Relevance: 6.0, APIs: 4, Instructions: 31COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00424250 Relevance: 6.0, APIs: 4, Instructions: 26windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040627C Relevance: 6.0, APIs: 4, Instructions: 11memoryCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0047A69C Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 210registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004767E8 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 105timeCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004792D4 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 86registryCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004501DC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 78windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00496A78 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 59processCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042DD74 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 56registryCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0045571C Relevance: 5.0, APIs: 4, Instructions: 45sleepCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Execution Graph
| Execution Coverage: | 11.3% |
| Dynamic/Decrypted Code Coverage: | 82.9% |
| Signature Coverage: | 4.4% |
| Total number of Nodes: | 2000 |
| Total number of Limit Nodes: | 40 |
Graph
Function 02C572AB Relevance: 74.2, APIs: 29, Strings: 13, Instructions: 659networksleepfileCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02C5648B Relevance: 68.5, APIs: 34, Strings: 5, Instructions: 228memorysleeplibraryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00401B4B Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 74libraryloaderCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02C5F8DE Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 87libraryloaderCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 004021BF Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 43stringtimeCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02C5F7DA Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 100fileCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Control-flow Graph
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004024E9 Relevance: 6.0, APIs: 4, Instructions: 28stringCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02C940A2 Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 137sleepCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02C51CF8 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 105synchronizationCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02C54D86 Relevance: 16.8, APIs: 11, Instructions: 256COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02C526DB Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 92timeCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02C52B95 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 132networkCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02C529EE Relevance: 7.6, APIs: 5, Instructions: 79networkCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02C51BA7 Relevance: 7.6, APIs: 5, Instructions: 75COMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00402703 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 39registryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040B1CE Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 28registryCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402D60 Relevance: 6.1, APIs: 4, Instructions: 75COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02C52EDD Relevance: 6.0, APIs: 4, Instructions: 49networkCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02C52DB5 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100networkCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02C52AC7 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72networkCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02C5353E Relevance: 4.6, APIs: 3, Instructions: 127COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02C5369A Relevance: 4.6, APIs: 3, Instructions: 60COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02C62030 Relevance: 4.5, APIs: 3, Instructions: 42threadCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02C51AA9 Relevance: 4.5, APIs: 3, Instructions: 18networkCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 0040B50A Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 72registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040B0F2 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 17registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402211 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 12registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004025FD Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 8registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02C54BED Relevance: 3.1, APIs: 2, Instructions: 137COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02C52D39 Relevance: 3.0, APIs: 2, Instructions: 50networkCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02C58321 Relevance: 3.0, APIs: 2, Instructions: 32networkCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 004039F0 Relevance: 3.0, APIs: 2, Instructions: 30memoryCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02C55119 Relevance: 1.7, APIs: 1, Instructions: 196COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02C5E8F8 Relevance: 1.6, APIs: 1, Instructions: 75COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02C8E4B9 Relevance: 1.6, APIs: 1, Instructions: 50fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02C533B2 Relevance: 1.6, APIs: 1, Instructions: 50COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02CAEA68 Relevance: 1.5, APIs: 1, Instructions: 42fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02C5E488 Relevance: 1.5, APIs: 1, Instructions: 36COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02C5E267 Relevance: 1.5, APIs: 1, Instructions: 20COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 0040279B Relevance: 1.5, APIs: 1, Instructions: 15COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402293 Relevance: 1.5, APIs: 1, Instructions: 14COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02C9E1F8 Relevance: 1.5, APIs: 1, Instructions: 13COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02C8F299 Relevance: 1.5, APIs: 1, Instructions: 11fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040B257 Relevance: 1.5, APIs: 1, Instructions: 9fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02C620A0 Relevance: 1.3, APIs: 1, Instructions: 43COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 0040212F Relevance: 1.3, APIs: 1, Instructions: 27memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402724 Relevance: 1.3, APIs: 1, Instructions: 25sleepCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402315 Relevance: 1.3, APIs: 1, Instructions: 22stringCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040B375 Relevance: 1.3, APIs: 1, Instructions: 15sleepCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040B1EC Relevance: 1.3, APIs: 1, Instructions: 14sleepCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004026BF Relevance: 1.3, APIs: 1, Instructions: 10sleepCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02C608B8 Relevance: 3.0, APIs: 2, Instructions: 31windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 0040B202 Relevance: 1.5, APIs: 1, Instructions: 8serviceCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02C5F792 Relevance: .0, Instructions: 33COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02C524E1 Relevance: 21.2, APIs: 14, Instructions: 173COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 004023AC Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 80registrysynchronizationthreadCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02C53423 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 94libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00405408 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 50libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00403C59 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 100fileCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004058D5 Relevance: 13.7, APIs: 9, Instructions: 177COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02C61550 Relevance: 10.6, APIs: 7, Instructions: 132COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02C52081 Relevance: 10.6, APIs: 7, Instructions: 116timeCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02C61662 Relevance: 10.6, APIs: 7, Instructions: 107synchronizationCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00404618 Relevance: 10.6, APIs: 5, Strings: 2, Instructions: 102memoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02C65CD4 Relevance: 10.5, APIs: 7, Instructions: 45threadCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02C63404 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 24libraryloaderCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02C634D9 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 19libraryloaderCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02C755C0 Relevance: 9.3, APIs: 6, Instructions: 276COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00405B24 Relevance: 9.1, APIs: 6, Instructions: 117COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02C51C91 Relevance: 9.0, APIs: 6, Instructions: 39synchronizationthreadinjectionCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02C61870 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 66COMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02C54030 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 26memoryCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 004036D0 Relevance: 7.6, APIs: 5, Instructions: 143COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02C5207C Relevance: 7.6, APIs: 5, Instructions: 97timeCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02C5E02F Relevance: 7.6, APIs: 5, Instructions: 92COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02C521D5 Relevance: 7.6, APIs: 5, Instructions: 60COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02C52298 Relevance: 7.6, APIs: 5, Instructions: 56COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02C52420 Relevance: 7.5, APIs: 5, Instructions: 38COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02C51EC7 Relevance: 7.5, APIs: 5, Instructions: 35COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02C60800 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 179windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02C530AE Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 97networkCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02C63A8F Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 29COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00403E3A Relevance: 6.3, APIs: 3, Strings: 1, Instructions: 265memoryCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02C636F0 Relevance: 6.1, APIs: 4, Instructions: 136COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02C53D7E Relevance: 6.1, APIs: 4, Instructions: 57networkCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02C5239D Relevance: 6.1, APIs: 4, Instructions: 52COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02C5247D Relevance: 6.0, APIs: 4, Instructions: 38COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02C52004 Relevance: 6.0, APIs: 4, Instructions: 35COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02C51E26 Relevance: 6.0, APIs: 4, Instructions: 30COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 0040475C Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 27memoryCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02C595A0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 78networkCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 02C519C2 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21memoryCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 0040446C Relevance: 5.1, APIs: 4, Instructions: 53memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|