Windows
Analysis Report
W1FREE.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
- System is w10x64
- W1FREE.exe (PID: 6892 cmdline: "C:\Users\user\Desktop\W1FREE.exe" MD5: 6F7CABF4B4354595F267D7D0860A7264)
- schtasks.exe (PID: 3496 cmdline: "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "system" /tr "C:\Users\user\AppData\Roaming\system.exe" MD5: 76CD6626DD8834BD4A42E6A565104DC2)
- conhost.exe (PID: 4444 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- system.exe (PID: 2596 cmdline: C:\Users\user\AppData\Roaming\system.exe MD5: 6F7CABF4B4354595F267D7D0860A7264)
- system.exe (PID: 2140 cmdline: "C:\Users\user\AppData\Roaming\system.exe" MD5: 6F7CABF4B4354595F267D7D0860A7264)
- system.exe (PID: 2284 cmdline: "C:\Users\user\AppData\Roaming\system.exe" MD5: 6F7CABF4B4354595F267D7D0860A7264)
- system.exe (PID: 4340 cmdline: C:\Users\user\AppData\Roaming\system.exe MD5: 6F7CABF4B4354595F267D7D0860A7264)
- system.exe (PID: 3520 cmdline: MD5: 6F7CABF4B4354595F267D7D0860A7264)
- system.exe (PID: 4940 cmdline: MD5: 6F7CABF4B4354595F267D7D0860A7264)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
XWorm | Malware with wide range of capabilities ranging from RAT to ransomware. | No Attribution |
{"C2 url": ["choose-throw.gl.at.ply.gg"], "Port": "13217", "Aes key": "<Xwormmm>", "SPL": "<Xwormmm>", "Install file": "USB.exe"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_XWorm | Yara detected XWorm | Joe Security | ||
JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security | ||
MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen |
|
System Summary |
---|
Source: | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): |
Source: | Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): |
Source: | Author: Florian Roth (Nextron Systems): |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-10-12T12:32:14.514515+0200 | 2853193 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 63770 | 147.185.221.23 | 13217 | TCP |
AV Detection |
---|
Source: | Avira: |
Source: | Malware Configuration Extractor: |
Source: | Virustotal: |
Source: | ReversingLabs: |
Source: | Virustotal: |
Source: | ReversingLabs: |
Source: | Integrated Neural Analysis Model: |
Source: | Joe Sandbox ML: |
Source: | String decryptor: |
Source: | Static PE information: |
Networking |
---|
Source: | Suricata IDS: |
Source: | URLs: |
Source: | File source: |
Source: | TCP traffic: |
Source: | HTTP traffic detected: |
Source: | IP Address: |
Source: | ASN Name: |
Source: | DNS query: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: |
Operating System Destruction |
---|
Source: | Process information set: |
System Summary |
---|
Source: | Matched rule: |
Source: | Process Stats: |
Source: | Code function: |
Source: | Static PE information: |
Source: | Matched rule: |
Source: | Cryptographic APIs: |
Source: | Security API names: |
Source: | Classification label: |
Source: | File created: |
Source: | Mutant created: |
Source: | File created: |
Source: | Static PE information: |
Source: | Static file information: |
Source: | File read: |
Source: | Key opened: |
Source: | Virustotal: |
Source: | ReversingLabs: |
Source: | File read: |
Source: | Process created: |
Source: | Section loaded: |
Source: | Key value queried: |
Source: | LNK file: |
Source: | Static PE information: |
Data Obfuscation |
---|
Source: | .Net Code: |
Source: | Code function: |
Source: | High entropy of concatenated method names: |
Source: | File created: |
Boot Survival |
---|
Source: | Process created: |
Source: | File created: |
Source: | Registry value created or modified: |
Source: | Process information set: |
Malware Analysis System Evasion |
---|
Source: | HTTP traffic detected: |
Source: | WMI Queries: |
Source: | Binary or memory string: |
Source: | Memory allocated: |
Source: | Thread delayed: |
Source: | Window / User API: |
Source: | Thread sleep time: |
Source: | WMI Queries: |
Source: | Last function: |
Source: | File Volume queried: |
Source: | Thread delayed: |
Source: | Binary or memory string: |
Source: | Process information queried: |
Anti Debugging |
---|
Source: | System information queried: | Jump to behavior | ||
Source: | System information queried: | Jump to behavior |
Source: | Code function: | 0_2_00007FFD9B7F7A71 |
Source: | Process queried: | Jump to behavior |
Source: | Process token adjusted: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior |
Source: | Process created: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Source: | Binary or memory string: |
Source: | WMI Queries: | ||
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Remote Access Functionality |
---|
Source: | File source: | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 12 Windows Management Instrumentation | 1 Scheduled Task/Job | 12 Process Injection | 1 Masquerading | OS Credential Dumping | 641 Security Software Discovery | Remote Services | 11 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 1 Scheduled Task/Job | 21 Registry Run Keys / Startup Folder | 1 Scheduled Task/Job | 1 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | 1 DLL Side-Loading | 21 Registry Run Keys / Startup Folder | 251 Virtualization/Sandbox Evasion | Security Account Manager | 251 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 DLL Side-Loading | 12 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 System Network Configuration Discovery | SSH | Keylogging | 12 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Obfuscated Files or Information | Cached Domain Credentials | 1 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Software Packing | DCSync | 23 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
77% | Virustotal | Browse | ||
81% | ReversingLabs | ByteCode-MSIL.Spyware.AsyncRAT | ||
100% | Avira | TR/Spy.Gen | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira | TR/Spy.Gen | ||
100% | Joe Sandbox ML | |||
81% | ReversingLabs | ByteCode-MSIL.Spyware.AsyncRAT | ||
77% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse | ||
8% | Virustotal | Browse | ||
1% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
8% | Virustotal | Browse |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
ip-api.com | 208.95.112.1 | true | true | | unknown |
choose-throw.gl.at.ply.gg | 147.185.221.23 | true | true | | unknown |
206.23.85.13.in-addr.arpa | unknown | unknown | false | | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
208.95.112.1 | ip-api.com | United States | 53334 | TUT-ASUS | true | |
147.185.221.23 | choose-throw.gl.at.ply.gg | United States | 12087 | SALSGIVERUS | true |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1532111 |
Start date and time: | 2024-10-12 12:28:04 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 8m 1s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 13 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Sample name: | W1FREE.exe |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@10/4@4/2 |
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Execution Graph export aborted for target system.exe, PID 2140 because it is empty
- Execution Graph export aborted for target system.exe, PID 2284 because it is empty
- Execution Graph export aborted for target system.exe, PID 2596 because it is empty
- Execution Graph export aborted for target system.exe, PID 4340 because it is empty
- Not all processes were analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
Time | Type | Description |
---|---|---|
06:29:07 | API Interceptor | |
11:29:07 | Task Scheduler | |
11:29:10 | Autostart | |
11:29:18 | Autostart | |
11:29:26 | Autostart |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
208.95.112.1 | Get hash | malicious | AgentTesla | Browse |
| |
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | Clipboard Hijacker, Quasar | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
ip-api.com | Get hash | malicious | AgentTesla | Browse |
| |
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | Clipboard Hijacker, Quasar | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
TUT-ASUS | Get hash | malicious | AgentTesla | Browse |
| |
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | Clipboard Hijacker, Quasar | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
SALSGIVERUS | Get hash | malicious | XWorm | Browse |
| |
Get hash | malicious | XWorm | Browse |
| ||
Get hash | malicious | XWorm | Browse |
| ||
Get hash | malicious | XWorm | Browse |
| ||
Get hash | malicious | AsyncRAT, XWorm | Browse |
| ||
Get hash | malicious | XWorm | Browse |
| ||
Get hash | malicious | XWorm | Browse |
| ||
Get hash | malicious | XWorm | Browse |
| ||
Get hash | malicious | SilentXMRMiner, Xmrig | Browse |
| ||
Get hash | malicious | Njrat | Browse |
|
Process: | C:\Users\user\AppData\Roaming\system.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 654 |
Entropy (8bit): | 5.380476433908377 |
Encrypted: | false |
SSDEEP: | 12:Q3La/KDLI4MWuPXcp1OKbbDLI4MWuPOKfSSI6Khap+92n4MNQp3/VXM5gXu9tv:ML9E4KQwKDE4KGKZI6Kh6+84xp3/VclT |
MD5: | 30E4BDFC34907D0E4D11152CAEBE27FA |
SHA1: | 825402D6B151041BA01C5117387228EC9B7168BF |
SHA-256: | A7B8F7FFB4822570DB1423D61ED74D7F4B538CE73521CC8745BC6B131C18BE63 |
SHA-512: | 89FBCBCDB0BE5AD7A95685CF9AA4330D5B0250440E67DC40C6642260E024F52A402E9381F534A9824D2541B98B02094178A15BF2320148432EDB0D09B5F972BA |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\W1FREE.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 64 |
Entropy (8bit): | 3.6722687970803873 |
Encrypted: | false |
SSDEEP: | 3:rRSFYJKXzovNsr42VjFYJKXzovuEXn:EFYJKDoWr5FYJKDoG+n |
MD5: | DE63D53293EBACE29F3F54832D739D40 |
SHA1: | 1BC3FEF699C3C2BB7B9A9D63C7E60381263EDA7F |
SHA-256: | A86BA2FC02725E4D97799A622EB68BF2FCC6167D439484624FA2666468BBFB1B |
SHA-512: | 10AB83C81F572DBAA99441D2BFD8EC5FF1C4BA84256ACDBD24FEB30A33498B689713EBF767500DAAAD6D188A3B9DC970CF858A6896F4381CEAC1F6A74E1603D0 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\W1FREE.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 759 |
Entropy (8bit): | 5.025100099488229 |
Encrypted: | false |
SSDEEP: | 12:8R50sg41IBSWCggdY//UgLVKK5rfjAcCrH9eSBfBmV:8fB1IBNK+My3lrAVgSBfBm |
MD5: | 4A7C098B5AA8809D45DC95D5CDBA7559 |
SHA1: | 695CAF3C831637CD41C52643A27CB98B98EAFACE |
SHA-256: | 66EFB6890CA26718188270C1857D29609A7D7EB9D245AB2C59EC051647547E48 |
SHA-512: | 872C8BE1BC6EA9243CE6B00CEBC31E3CF0D5910644ACB18A6142625A1BCF89235656327C749C656D15318856C06377FD1704E7FFA6750EC2629D659593571D16 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\W1FREE.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 68608 |
Entropy (8bit): | 5.963964626880383 |
Encrypted: | false |
SSDEEP: | 1536:wxvEVs0WIyYR9hYoQtzJbI0UB+E32zUfOTwDnzRQ:wx8VTy+h/YlbV5oOEDFQ |
MD5: | 6F7CABF4B4354595F267D7D0860A7264 |
SHA1: | 3743B4D0F283254216471AF3D7A48FEBE1EA3D22 |
SHA-256: | EF18DAB7131E795B252462E96EEE632DCDE3EACD98E4B58078EB82C74F5BD2A4 |
SHA-512: | 39CC260160567A730656087C76B01CE28FA493B748344BD8215CCEECA8863B89FD8FB0F3F2DC5C647DD0C531048B41744E7117CA985FDFAF96B2B609BA55455B |
Malicious: | true |
Yara Hits: |
|
Antivirus: |
|
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 5.963964626880383 |
TrID: |
|
File name: | W1FREE.exe |
File size: | 68'608 bytes |
MD5: | 6f7cabf4b4354595f267d7d0860a7264 |
SHA1: | 3743b4d0f283254216471af3d7a48febe1ea3d22 |
SHA256: | ef18dab7131e795b252462e96eee632dcde3eacd98e4b58078eb82c74f5bd2a4 |
SHA512: | 39cc260160567a730656087c76b01ce28fa493b748344bd8215cceeca8863b89fd8fb0f3f2dc5c647dd0c531048b41744e7117ca985fdfaf96b2b609ba55455b |
SSDEEP: | 1536:wxvEVs0WIyYR9hYoQtzJbI0UB+E32zUfOTwDnzRQ:wx8VTy+h/YlbV5oOEDFQ |
TLSH: | 3B636B0CB7E90125E1BF9FB61DE63216CB7ABB531803D71F28D901992B23A88C9516F5 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...=..g.............................!... ...@....@.. ....................................@................................ |
Icon Hash: | 90cececece8e8eb0 |
Entrypoint: | 0x41219e |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x6706053D [Wed Oct 9 04:23:25 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Instruction |
---|
jmp dword ptr [00402000h] |
add byte ptr [eax], al |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x12150 | 0x4b | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x14000 | 0x4ce | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x16000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0x101a4 | 0x10200 | 57caa1d2c9beee43e50078cf26a8d5d7 | False | 0.5952943313953488 | data | 6.044060316278805 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rsrc | 0x14000 | 0x4ce | 0x600 | ef7668093b44becc378928c94d325834 | False | 0.375 | data | 3.7346556064321574 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x16000 | 0xc | 0x200 | d23945842d5749028e1c2e51cfb9582e | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_VERSION | 0x140a0 | 0x244 | data | 0.47413793103448276 | ||
RT_MANIFEST | 0x142e4 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | 0.5469387755102041 |
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-10-12T12:30:15.795671+0200 | 2855924 | ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound | 1 | 192.168.2.4 | 63601 | 147.185.221.23 | 13217 | TCP |
2024-10-12T12:32:14.514515+0200 | 2853193 | ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound | 1 | 192.168.2.4 | 63770 | 147.185.221.23 | 13217 | TCP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 12, 2024 12:30:36.220683098 CEST | 63728 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:30:36.368448019 CEST | 63728 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:30:36.373328924 CEST | 13217 | 63728 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:30:36.386420965 CEST | 63728 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:30:36.391228914 CEST | 13217 | 63728 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:30:36.401943922 CEST | 63728 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:30:36.406842947 CEST | 13217 | 63728 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:30:36.417529106 CEST | 63728 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:30:36.422312021 CEST | 13217 | 63728 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:30:41.189156055 CEST | 13217 | 63728 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:30:41.189306974 CEST | 63728 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:30:41.433211088 CEST | 63728 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:30:41.434745073 CEST | 63753 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:30:41.439321041 CEST | 13217 | 63728 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:30:41.440124989 CEST | 13217 | 63753 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:30:41.440232038 CEST | 63753 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:30:41.723308086 CEST | 63753 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:30:41.728322983 CEST | 13217 | 63753 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:30:46.390223026 CEST | 13217 | 63753 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:30:46.390291929 CEST | 63753 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:30:46.545053005 CEST | 49730 | 80 | 192.168.2.4 | 208.95.112.1 |
Oct 12, 2024 12:30:46.550088882 CEST | 80 | 49730 | 208.95.112.1 | 192.168.2.4 |
Oct 12, 2024 12:30:47.339461088 CEST | 63753 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:30:47.342072964 CEST | 63754 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:30:47.344446898 CEST | 13217 | 63753 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:30:47.347024918 CEST | 13217 | 63754 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:30:47.347088099 CEST | 63754 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:30:47.385600090 CEST | 63754 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:30:47.390669107 CEST | 13217 | 63754 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:30:48.527250051 CEST | 63754 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:30:48.532351971 CEST | 13217 | 63754 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:30:52.297581911 CEST | 13217 | 63754 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:30:52.299312115 CEST | 63754 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:30:52.495688915 CEST | 63754 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:30:52.497255087 CEST | 63755 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:30:52.501272917 CEST | 13217 | 63754 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:30:52.502254009 CEST | 13217 | 63755 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:30:52.502321005 CEST | 63755 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:30:52.540729046 CEST | 63755 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:30:52.546155930 CEST | 13217 | 63755 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:30:52.558581114 CEST | 63755 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:30:52.563816071 CEST | 13217 | 63755 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:30:52.605101109 CEST | 63755 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:30:52.610400915 CEST | 13217 | 63755 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:30:52.636383057 CEST | 63755 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:30:52.641699076 CEST | 13217 | 63755 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:30:52.667653084 CEST | 63755 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:30:52.672635078 CEST | 13217 | 63755 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:30:52.683254957 CEST | 63755 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:30:52.688180923 CEST | 13217 | 63755 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:30:57.488482952 CEST | 13217 | 63755 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:30:57.488553047 CEST | 63755 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:30:57.729991913 CEST | 63755 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:30:57.733266115 CEST | 63756 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:30:57.734951973 CEST | 13217 | 63755 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:30:57.738327026 CEST | 13217 | 63756 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:30:57.738455057 CEST | 63756 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:30:57.794070959 CEST | 63756 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:30:57.799185991 CEST | 13217 | 63756 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:31:02.740077019 CEST | 13217 | 63756 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:31:02.740175009 CEST | 63756 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:02.826838017 CEST | 63756 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:02.831711054 CEST | 13217 | 63756 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:31:02.838623047 CEST | 63757 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:02.843478918 CEST | 13217 | 63757 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:31:02.843553066 CEST | 63757 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:02.891690016 CEST | 63757 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:02.896491051 CEST | 13217 | 63757 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:31:02.902209044 CEST | 63757 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:02.907016039 CEST | 13217 | 63757 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:31:02.933283091 CEST | 63757 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:02.938112020 CEST | 13217 | 63757 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:31:03.042548895 CEST | 63757 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:03.047471046 CEST | 13217 | 63757 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:31:03.120826006 CEST | 63757 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:03.125828028 CEST | 13217 | 63757 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:31:07.792984962 CEST | 13217 | 63757 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:31:07.793064117 CEST | 63757 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:08.137314081 CEST | 63757 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:08.137980938 CEST | 63758 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:08.142318010 CEST | 13217 | 63757 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:31:08.142787933 CEST | 13217 | 63758 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:31:08.142910004 CEST | 63758 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:08.360224009 CEST | 63758 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:08.365242958 CEST | 13217 | 63758 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:31:08.433214903 CEST | 63758 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:08.438406944 CEST | 13217 | 63758 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:31:08.448900938 CEST | 63758 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:08.453677893 CEST | 13217 | 63758 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:31:08.495723963 CEST | 63758 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:08.500698090 CEST | 13217 | 63758 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:31:08.511343956 CEST | 63758 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:08.516264915 CEST | 13217 | 63758 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:31:08.542607069 CEST | 63758 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:08.547601938 CEST | 13217 | 63758 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:31:08.558253050 CEST | 63758 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:08.563127995 CEST | 13217 | 63758 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:31:08.605134964 CEST | 63758 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:08.610132933 CEST | 13217 | 63758 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:31:08.651992083 CEST | 63758 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:08.657041073 CEST | 13217 | 63758 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:31:08.667690039 CEST | 63758 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:08.672576904 CEST | 13217 | 63758 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:31:08.714531898 CEST | 63758 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:08.719381094 CEST | 13217 | 63758 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:31:10.261713982 CEST | 63758 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:10.266783953 CEST | 13217 | 63758 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:31:11.637943029 CEST | 63758 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:11.711018085 CEST | 13217 | 63758 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:31:13.112541914 CEST | 13217 | 63758 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:31:13.112591028 CEST | 63758 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:13.793715000 CEST | 63758 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:13.793720007 CEST | 63759 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:13.798664093 CEST | 13217 | 63758 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:31:13.798682928 CEST | 13217 | 63759 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:31:13.804373980 CEST | 63759 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:14.005372047 CEST | 63759 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:14.010260105 CEST | 13217 | 63759 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:31:18.784523010 CEST | 13217 | 63759 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:31:18.784574032 CEST | 63759 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:19.073781013 CEST | 63759 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:19.075706005 CEST | 63760 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:19.078811884 CEST | 13217 | 63759 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:31:19.080776930 CEST | 13217 | 63760 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:31:19.080862045 CEST | 63760 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:19.115901947 CEST | 63760 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:19.121046066 CEST | 13217 | 63760 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:31:19.277208090 CEST | 63760 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:19.282216072 CEST | 13217 | 63760 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:31:19.355442047 CEST | 63760 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:19.360501051 CEST | 13217 | 63760 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:31:19.386693001 CEST | 63760 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:19.391635895 CEST | 13217 | 63760 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:31:22.980765104 CEST | 63760 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:22.985783100 CEST | 13217 | 63760 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:31:24.014138937 CEST | 13217 | 63760 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:31:24.017683983 CEST | 63760 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:24.484822989 CEST | 63760 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:24.489830971 CEST | 13217 | 63760 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:31:24.494654894 CEST | 63761 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:24.499530077 CEST | 13217 | 63761 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:31:24.499622107 CEST | 63761 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:24.535543919 CEST | 63761 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:24.540532112 CEST | 13217 | 63761 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:31:24.589570045 CEST | 63761 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:24.594487906 CEST | 13217 | 63761 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:31:24.605200052 CEST | 63761 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:24.610441923 CEST | 13217 | 63761 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:31:25.339569092 CEST | 63761 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:25.344743013 CEST | 13217 | 63761 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:31:29.449594021 CEST | 13217 | 63761 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:31:29.449676991 CEST | 63761 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:29.622798920 CEST | 63761 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:29.622798920 CEST | 63762 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:29.627964020 CEST | 13217 | 63761 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:31:29.627980947 CEST | 13217 | 63762 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:31:29.631458998 CEST | 63762 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:29.691339970 CEST | 63762 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:29.696297884 CEST | 13217 | 63762 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:31:34.597955942 CEST | 13217 | 63762 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:31:34.598031998 CEST | 63762 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:34.933217049 CEST | 63762 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:34.934740067 CEST | 63763 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:34.938215017 CEST | 13217 | 63762 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:31:34.939584017 CEST | 13217 | 63763 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:31:34.939652920 CEST | 63763 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:34.973896980 CEST | 63763 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:34.978792906 CEST | 13217 | 63763 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:31:34.995867968 CEST | 63763 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:35.000727892 CEST | 13217 | 63763 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:31:35.011667013 CEST | 63763 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:35.016674995 CEST | 13217 | 63763 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:31:35.027139902 CEST | 63763 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:35.339505911 CEST | 63763 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:35.949587107 CEST | 63763 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:36.059675932 CEST | 13217 | 63763 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:31:36.059689045 CEST | 13217 | 63763 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:31:36.059696913 CEST | 13217 | 63763 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:31:36.636641979 CEST | 63763 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:36.641709089 CEST | 13217 | 63763 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:31:39.901829958 CEST | 13217 | 63763 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:31:39.902107000 CEST | 63763 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:40.089896917 CEST | 63763 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:40.092185974 CEST | 63764 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:40.094887972 CEST | 13217 | 63763 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:31:40.097282887 CEST | 13217 | 63764 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:31:40.097528934 CEST | 63764 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:40.150121927 CEST | 63764 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:40.368407011 CEST | 13217 | 63764 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:31:44.386918068 CEST | 63764 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:44.391999960 CEST | 13217 | 63764 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:31:45.076226950 CEST | 13217 | 63764 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:31:45.076283932 CEST | 63764 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:45.167735100 CEST | 63764 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:45.170859098 CEST | 63765 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:45.172589064 CEST | 13217 | 63764 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:31:45.175684929 CEST | 13217 | 63765 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:31:45.175745010 CEST | 63765 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:45.209927082 CEST | 63765 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:45.214787960 CEST | 13217 | 63765 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:31:50.126574993 CEST | 13217 | 63765 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:31:50.129596949 CEST | 63765 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:50.277709961 CEST | 63765 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:50.282632113 CEST | 13217 | 63765 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:31:50.284137011 CEST | 63766 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:50.289608955 CEST | 13217 | 63766 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:31:50.289865017 CEST | 63766 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:50.512453079 CEST | 63766 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:50.517328024 CEST | 13217 | 63766 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:31:55.217662096 CEST | 13217 | 63766 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:31:55.217727900 CEST | 63766 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:55.542597055 CEST | 63766 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:55.544552088 CEST | 63767 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:55.547540903 CEST | 13217 | 63766 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:31:55.549540043 CEST | 13217 | 63767 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:31:55.549639940 CEST | 63767 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:55.645791054 CEST | 63767 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:55.651359081 CEST | 13217 | 63767 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:31:59.777748108 CEST | 63767 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:31:59.783026934 CEST | 13217 | 63767 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:32:00.515600920 CEST | 13217 | 63767 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:32:00.521512985 CEST | 63767 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:32:00.714575052 CEST | 63767 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:32:00.716929913 CEST | 63768 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:32:00.793994904 CEST | 13217 | 63767 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:32:00.794008017 CEST | 13217 | 63768 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:32:00.794090033 CEST | 63768 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:32:00.823235035 CEST | 63768 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:32:00.828093052 CEST | 13217 | 63768 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:32:00.839663982 CEST | 63768 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:32:00.844563007 CEST | 13217 | 63768 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:32:00.855283976 CEST | 63768 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:32:00.860435963 CEST | 13217 | 63768 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:32:00.886507034 CEST | 63768 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:32:00.891367912 CEST | 13217 | 63768 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:32:00.934674978 CEST | 63768 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:32:00.939629078 CEST | 13217 | 63768 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:32:00.964878082 CEST | 63768 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:32:00.969799995 CEST | 13217 | 63768 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:32:01.042779922 CEST | 63768 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:32:01.047703028 CEST | 13217 | 63768 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:32:05.730329037 CEST | 13217 | 63768 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:32:05.735450029 CEST | 63768 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:32:06.074973106 CEST | 63769 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:32:06.075081110 CEST | 63768 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:32:06.080173016 CEST | 13217 | 63769 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:32:06.080221891 CEST | 13217 | 63768 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:32:06.080351114 CEST | 63769 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:32:06.223584890 CEST | 63769 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:32:06.228579044 CEST | 13217 | 63769 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:32:11.055802107 CEST | 13217 | 63769 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:32:11.056098938 CEST | 63769 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:32:11.277043104 CEST | 63769 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:32:11.280586004 CEST | 63770 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:32:11.281992912 CEST | 13217 | 63769 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:32:11.285553932 CEST | 13217 | 63770 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:32:11.285640955 CEST | 63770 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:32:11.316721916 CEST | 63770 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:32:11.321607113 CEST | 13217 | 63770 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:32:11.433497906 CEST | 63770 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:32:11.438471079 CEST | 13217 | 63770 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:32:11.464679003 CEST | 63770 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:32:11.469594002 CEST | 13217 | 63770 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:32:11.574008942 CEST | 63770 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:32:11.579283953 CEST | 13217 | 63770 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:32:13.168104887 CEST | 63770 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:32:13.173158884 CEST | 13217 | 63770 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:32:14.514514923 CEST | 63770 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:32:14.519620895 CEST | 13217 | 63770 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:32:16.267035961 CEST | 13217 | 63770 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:32:16.273566961 CEST | 63770 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:32:16.746000051 CEST | 63770 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:32:16.747816086 CEST | 63771 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:32:16.751060963 CEST | 13217 | 63770 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:32:16.752727985 CEST | 13217 | 63771 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:32:16.752784014 CEST | 63771 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:32:16.782938004 CEST | 63771 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:32:16.787863016 CEST | 13217 | 63771 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:32:16.792965889 CEST | 63771 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:32:16.797827005 CEST | 13217 | 63771 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:32:16.839910984 CEST | 63771 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:32:16.844825029 CEST | 13217 | 63771 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:32:16.933541059 CEST | 63771 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:32:16.938625097 CEST | 13217 | 63771 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:32:16.949333906 CEST | 63771 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:32:16.954226017 CEST | 13217 | 63771 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:32:20.418021917 CEST | 63771 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:32:20.423137903 CEST | 13217 | 63771 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:32:21.675311089 CEST | 13217 | 63771 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:32:21.675410032 CEST | 63771 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:32:21.967469931 CEST | 63771 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:32:21.968188047 CEST | 63772 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:32:21.972487926 CEST | 13217 | 63771 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:32:21.973404884 CEST | 13217 | 63772 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:32:21.973659039 CEST | 63772 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:32:22.087490082 CEST | 63772 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:32:22.092468023 CEST | 13217 | 63772 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:32:22.933729887 CEST | 63772 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:32:22.938868046 CEST | 13217 | 63772 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:32:25.933670998 CEST | 63772 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:32:25.938982964 CEST | 13217 | 63772 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:32:26.933690071 CEST | 63772 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:32:26.939050913 CEST | 13217 | 63772 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:32:26.959419012 CEST | 13217 | 63772 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:32:26.959486008 CEST | 63772 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:32:27.511631012 CEST | 63772 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:32:27.514884949 CEST | 63773 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:32:27.516608000 CEST | 13217 | 63772 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:32:27.520042896 CEST | 13217 | 63773 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:32:27.520144939 CEST | 63773 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:32:27.582264900 CEST | 63773 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:32:27.587265968 CEST | 13217 | 63773 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:32:27.589942932 CEST | 63773 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:32:27.594858885 CEST | 13217 | 63773 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:32:32.449290991 CEST | 13217 | 63773 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:32:32.449547052 CEST | 63773 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:32:32.731880903 CEST | 63773 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:32:32.736974955 CEST | 13217 | 63773 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:32:32.758321047 CEST | 63774 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:32:32.763492107 CEST | 13217 | 63774 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:32:32.763585091 CEST | 63774 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:32:32.915905952 CEST | 63774 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:32:32.920979023 CEST | 13217 | 63774 | 147.185.221.23 | 192.168.2.4 |
Oct 12, 2024 12:32:32.949430943 CEST | 63774 | 13217 | 192.168.2.4 | 147.185.221.23 |
Oct 12, 2024 12:32:32.954446077 CEST | 13217 | 63774 | 147.185.221.23 | 192.168.2.4 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 12, 2024 12:29:06.025465965 CEST | 51412 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 12, 2024 12:29:06.032746077 CEST | 53 | 51412 | 1.1.1.1 | 192.168.2.4 |
Oct 12, 2024 12:29:08.042491913 CEST | 53532 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 12, 2024 12:29:08.055593014 CEST | 53 | 53532 | 1.1.1.1 | 192.168.2.4 |
Oct 12, 2024 12:29:35.190516949 CEST | 53 | 62322 | 162.159.36.2 | 192.168.2.4 |
Oct 12, 2024 12:29:35.673710108 CEST | 61846 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 12, 2024 12:29:35.681096077 CEST | 53 | 61846 | 1.1.1.1 | 192.168.2.4 |
Oct 12, 2024 12:29:39.793231010 CEST | 62384 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 12, 2024 12:29:39.805754900 CEST | 53 | 62384 | 1.1.1.1 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 12, 2024 12:29:06.025465965 CEST | 192.168.2.4 | 1.1.1.1 | 0x53e7 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 12, 2024 12:29:08.042491913 CEST | 192.168.2.4 | 1.1.1.1 | 0xf8bf | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 12, 2024 12:29:35.673710108 CEST | 192.168.2.4 | 1.1.1.1 | 0x147b | Standard query (0) | PTR (Pointer record) | IN (0x0001) | false | |
Oct 12, 2024 12:29:39.793231010 CEST | 192.168.2.4 | 1.1.1.1 | 0xac60 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 12, 2024 12:29:06.032746077 CEST | 1.1.1.1 | 192.168.2.4 | 0x53e7 | No error (0) | 208.95.112.1 | A (IP address) | IN (0x0001) | false | ||
Oct 12, 2024 12:29:08.055593014 CEST | 1.1.1.1 | 192.168.2.4 | 0xf8bf | No error (0) | 147.185.221.23 | A (IP address) | IN (0x0001) | false | ||
Oct 12, 2024 12:29:35.681096077 CEST | 1.1.1.1 | 192.168.2.4 | 0x147b | Name error (3) | none | none | PTR (Pointer record) | IN (0x0001) | false | |
Oct 12, 2024 12:29:39.805754900 CEST | 1.1.1.1 | 192.168.2.4 | 0xac60 | No error (0) | 147.185.221.23 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49730 | 208.95.112.1 | 80 | 6892 | C:\Users\user\Desktop\W1FREE.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 12, 2024 12:29:06.043679953 CEST | 80 | OUT | |
Oct 12, 2024 12:29:06.531672001 CEST | 175 | IN |
Target ID: | 0 |
Start time: | 06:29:01 |
Start date: | 12/10/2024 |
Path: | C:\Users\user\Desktop\W1FREE.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x580000 |
File size: | 68'608 bytes |
MD5 hash: | 6F7CABF4B4354595F267D7D0860A7264 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | false |
Target ID: | 1 |
Start time: | 06:29:06 |
Start date: | 12/10/2024 |
Path: | C:\Windows\System32\schtasks.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff76f990000 |
File size: | 235'008 bytes |
MD5 hash: | 76CD6626DD8834BD4A42E6A565104DC2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 2 |
Start time: | 06:29:06 |
Start date: | 12/10/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7699e0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 06:29:07 |
Start date: | 12/10/2024 |
Path: | C:\Users\user\AppData\Roaming\system.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0xdd0000 |
File size: | 68'608 bytes |
MD5 hash: | 6F7CABF4B4354595F267D7D0860A7264 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Antivirus matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 7 |
Start time: | 06:29:18 |
Start date: | 12/10/2024 |
Path: | C:\Users\user\AppData\Roaming\system.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0xfd0000 |
File size: | 68'608 bytes |
MD5 hash: | 6F7CABF4B4354595F267D7D0860A7264 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 8 |
Start time: | 06:29:26 |
Start date: | 12/10/2024 |
Path: | C:\Users\user\AppData\Roaming\system.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x290000 |
File size: | 68'608 bytes |
MD5 hash: | 6F7CABF4B4354595F267D7D0860A7264 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 9 |
Start time: | 06:30:01 |
Start date: | 12/10/2024 |
Path: | C:\Users\user\AppData\Roaming\system.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0xcb0000 |
File size: | 68'608 bytes |
MD5 hash: | 6F7CABF4B4354595F267D7D0860A7264 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 11 |
Start time: | 06:31:00 |
Start date: | 12/10/2024 |
Path: | C:\Users\user\AppData\Roaming\system.exe |
Wow64 process (32bit): | |
Commandline: | |
Imagebase: | |
File size: | 68'608 bytes |
MD5 hash: | 6F7CABF4B4354595F267D7D0860A7264 |
Has elevated privileges: | |
Has administrator privileges: | |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 12 |
Start time: | 06:32:00 |
Start date: | 12/10/2024 |
Path: | C:\Users\user\AppData\Roaming\system.exe |
Wow64 process (32bit): | |
Commandline: | |
Imagebase: | |
File size: | 68'608 bytes |
MD5 hash: | 6F7CABF4B4354595F267D7D0860A7264 |
Has elevated privileges: | |
Has administrator privileges: | |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Execution Graph
Execution Coverage: | 25.6% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 30% |
Total number of Nodes: | 10 |
Total number of Limit Nodes: | 0 |