Windows
Analysis Report
WCcNzb83Y3.exe
Overview
General Information
Sample name: | WCcNzb83Y3.exe (renamed because original name is a hash value) |
Original sample name: | 24D8F60111E8DB49789E0582E3F69146.exe |
Analysis ID: | 1428878 |
MD5: | 24d8f60111e8db49789e0582e3f69146 |
SHA1: | 70d1eb3898bbf2efce3f70d7e8782546a01de251 |
SHA256: | 0397446de827fc7c5e161061fafb5e1a72847a9d653a675c7b2ae7b687c620c8 |
Tags: | CobaltStrike, exe |
Infos: | |
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- WCcNzb83Y3.exe (PID: 5896 cmdline: "C:\Users\user\Desktop\WCcNzb83Y3.exe" MD5: 24D8F60111E8DB49789E0582E3F69146)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Cobalt Strike, CobaltStrike | Cobalt Strike is a paid penetration testing product that allows an attacker to deploy an agent named 'Beacon' on the victim machine. Beacon includes a wealth of functionality to the attacker, including, but not limited to command execution, key logging, file transfer, SOCKS proxying, privilege escalation, mimikatz, port scanning and lateral movement. Beacon is in-memory/file-less, in that it consists of stageless or multi-stage shellcode that once loaded by exploiting a vulnerability or executing a shellcode loader, will reflectively load itself into the memory of a process without touching the disk. It supports C2 and staging over HTTP, HTTPS, DNS, SMB named pipes as well as forward and reverse TCP; Beacons can be daisy-chained. Cobalt Strike comes with a toolkit for developing shellcode loaders, called Artifact Kit. The Beacon implant has become popular amongst targeted attackers and criminal users as it is well written, stable, and highly customizable. |
{"C2Server": "http://47.120.39.182:63306/Gs3p", "User Agent": "User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727)\r\n"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_CobaltStrike_3 | Yara detected CobaltStrike | Joe Security | ||
Windows_Trojan_Metasploit_7bc0f998 | Identifies the API address lookup function leverage by metasploit shellcode | unknown |
| |
Windows_Trojan_Metasploit_c9773203 | Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families. | unknown |
| |
JoeSecurity_CobaltStrike_3 | Yara detected CobaltStrike | Joe Security | ||
Windows_Trojan_CobaltStrike_b54b94ac | Rule for beacon sleep obfuscation routine | unknown |
| |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_CobaltStrike | Yara detected CobaltStrike | Joe Security | ||
JoeSecurity_CobaltStrike_3 | Yara detected CobaltStrike | Joe Security | ||
Windows_Trojan_CobaltStrike_ee756db7 | Attempts to detect Cobalt Strike based on strings found in BEACON | unknown |
| |
Windows_Trojan_CobaltStrike_663fc95d | Identifies CobaltStrike via unidentified function code | unknown |
| |
Windows_Trojan_CobaltStrike_f0b627fc | Rule for beacon reflective loader | unknown |
| |
Timestamp: | 04/19/24-19:11:26.386447 |
SID: | 2035651 |
Source Port: | 63306 |
Destination Port: | 49710 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
AV Detection |
---|
Source: | Malware Configuration Extractor: |
Source: | ReversingLabs: |
Source: | Code function: | 0_2_02B91184 | |
Source: | Code function: | 0_2_02BBE020 |
Source: | Code function: | 0_2_02BA0ED4 | |
Source: | Code function: | 0_2_02BA779C |
Networking |
---|
Source: | Snort IDS: |
Source: | URLs: |
Source: | TCP traffic: |
Source: | ASN Name: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | Code function: | 0_2_02B9E3A0 |
Source: | String found in binary or memory: | ||
System Summary |
---|
Source: | Matched rule: | ||
Source: | Classification label: |
Source: | Code function: | 0_2_02B9FE24 |
Source: | Code function: | 0_2_02BA6C98 |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | ReversingLabs: |
Source: | Section loaded: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Source: | Code function: | 0_2_02BAC148 |
Source: | Registry key monitored for changes: | Jump to behavior |
Malware Analysis System Evasion |
---|
Source: | Code function: | 0_2_02BA3F88 | |
Source: | Code function: | 0_2_02B9F5C8 |
Source: | API coverage: |
Source: | Code function: | 0_2_02B9F5C8 |
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | Last function: |
Source: | Code function: | 0_2_02BA0ED4 | |
Source: | Code function: | 0_2_02BA779C |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Code function: | 0_2_02BB4014 |
Source: | Code function: | 0_2_02BB4C34 |
Source: | Code function: | 0_2_02BBC124 |
Source: | Code function: | 0_2_02BADA80 |
Source: | Code function: | 0_2_02BBE4C8 | |
Source: | Code function: | 0_2_02BBE4C0 |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | File source: |
Source: | Code function: | 0_2_02BAA7DC |
Source: | Code function: | 0_2_02BAA754 |
Source: | Code function: | 0_2_02B9FBD4 |
Source: | Code function: | 0_2_02BBE2B0 |
Source: | Code function: | 0_2_02BA455C |
Source: | Code function: | 0_2_02BA455C |
Remote Access Functionality |
---|
Source: | File source: | ||
Source: | Code function: | 0_2_02BA50E0 | |
Source: | Code function: | 0_2_02BAAF84 | |
Source: | Code function: | 0_2_02BA4CD8 |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | 2 Valid Accounts | 1 Native API | 2 Valid Accounts | 2 Valid Accounts | 2 Valid Accounts | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 21 Access Token Manipulation | 11 Virtualization/Sandbox Evasion | LSASS Memory | 1 Query Registry | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Process Injection | 21 Access Token Manipulation | Security Account Manager | 141 Security Software Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 DLL Side-Loading | 1 Process Injection | NTDS | 11 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | 1 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Obfuscated Files or Information | LSA Secrets | 1 Process Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 1 Account Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 1 System Owner/User Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 1 File and Directory Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | HTML Smuggling | /etc/passwd and /etc/shadow | 3 System Information Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
55% | ReversingLabs | Win64.Backdoor.Meterpreter |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | unknown | |||
false | unknown | |||
false | unknown | |||
false | unknown | |||
false | low | |||
false | unknown | |||
false | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
47.120.39.182 | unknown | China | 37963 | CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd | true |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1428878 |
Start date and time: | 2024-04-19 19:10:36 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 21s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Run name: | Run with higher sleep bypass |
Number of analysed new started processes analysed: | 5 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | WCcNzb83Y3.exe (renamed because original name is a hash value) |
Original Sample Name: | 24D8F60111E8DB49789E0582E3F69146.exe |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@1/2@0/1 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
- Excluded IPs from analysis (whitelisted): 199.232.210.172
- Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, wu-bg-shim.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- VT rate limit hit for: WCcNzb83Y3.exe
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
bg.microsoft.map.fastly.net | Get hash | malicious | AgentTesla | Browse |
| |
Get hash | malicious | AgentTesla, GuLoader | Browse |
| ||
Get hash | malicious | Phisher | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | Python Stealer | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | GRQ Scam | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd | Get hash | malicious | Mirai, Okiru | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Users\user\Desktop\WCcNzb83Y3.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 69993 |
Entropy (8bit): | 7.99584879649948 |
Encrypted: | true |
SSDEEP: | 1536:iMveRG6BWC7T2g1wGUa5QUoaIB9ttiFJG+AOQOXl0Usvwr:feRG6BX6gUaHo9tkBHiUewr |
MD5: | 29F65BA8E88C063813CC50A4EA544E93 |
SHA1: | 05A7040D5C127E68C25D81CC51271FFB8BEF3568 |
SHA-256: | 1ED81FA8DFB6999A9FEDC6E779138FFD99568992E22D300ACD181A6D2C8DE184 |
SHA-512: | E29B2E92C496245BED3372578074407E8EF8882906CE10C35B3C8DEEBFEFE01B5FD7F3030ACAA693E175F4B7ACA6CD7D8D10AE1C731B09C5FA19035E005DE3AA |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Users\user\Desktop\WCcNzb83Y3.exe |
File Type: | |
Category: | modified |
Size (bytes): | 330 |
Entropy (8bit): | 3.2361171502523645 |
Encrypted: | false |
SSDEEP: | 6:kKSXlEN+SkQlPlEGYRMY9z+4KlDA3RUeVlWI/Vt:6XlbkPlE99SNxAhUeVLVt |
MD5: | 271D236895EBB4E9BF85EA001DEA1AE7 |
SHA1: | B8EEAC8E82AD4F144232E03F30F0B5611AEE6565 |
SHA-256: | 28E524ADBCA6B9CC8630DBE95C9A710050021BBAE578C68D340B95270272DE84 |
SHA-512: | 5822E49D856B4231446B65738BB2133DE4F5973317A0811CE8E43755D02C7AC628665D63F7D2C22C39E7DE0052C44FB970541AC831168DEDE3143E415899CB16 |
Malicious: | false |
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 3.8119584650707767 |
TrID: |
|
File name: | WCcNzb83Y3.exe |
File size: | 7'168 bytes |
MD5: | 24d8f60111e8db49789e0582e3f69146 |
SHA1: | 70d1eb3898bbf2efce3f70d7e8782546a01de251 |
SHA256: | 0397446de827fc7c5e161061fafb5e1a72847a9d653a675c7b2ae7b687c620c8 |
SHA512: | 2b8c4065423aa095a121650d92fec94d67cf6afc4e260a5ff3a413513967feffc61668b0840f69aeb4ab5956e5a793b5033b5600002d7d81e3b4594b083b4e05 |
SSDEEP: | 192:5gUnRiZuUuMva6P93LAzq72i2LqPXbX/:lzlMv33LGDiY |
TLSH: | B6E1A539B78EC9B9E15720B98FC3F0857394F9B14ECA358375B60BBC45096152E22B19 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................./.................`.........@..............................P............................................. |
Icon Hash: | 00928e8e8686b000 |
Entrypoint: | 0x401460 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, DEBUG_STRIPPED |
DLL Characteristics: | |
Time Stamp: | 0x0 [Thu Jan 1 00:00:00 1970 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 168819debd607a76e24e61fc481cc1c0 |
Instruction |
---|
push ebp |
dec eax |
mov ebp, esp |
dec eax |
sub esp, 00000050h |
mov eax, 00000000h |
mov dword ptr [ebp-04h], eax |
mov eax, 00000001h |
dec ecx |
mov edx, eax |
dec esp |
mov ecx, edx |
call 00007FBDA0685CB2h |
mov eax, 00030000h |
dec ecx |
mov ebx, eax |
mov eax, 00010000h |
dec ecx |
mov edx, eax |
dec esp |
mov ecx, edx |
dec esp |
mov edx, ebx |
call 00007FBDA0685C9Fh |
dec eax |
mov eax, dword ptr [00001A57h] |
dec eax |
mov ecx, dword ptr [00001A58h] |
dec eax |
mov edx, dword ptr [00001A59h] |
dec eax |
mov dword ptr [ebp-10h], eax |
dec eax |
lea eax, dword ptr [ebp-04h] |
dec eax |
mov dword ptr [esp+20h], eax |
mov eax, dword ptr [00001B82h] |
dec ecx |
mov ecx, eax |
dec ecx |
mov eax, edx |
dec ecx |
mov ebx, ecx |
dec eax |
mov eax, dword ptr [ebp-10h] |
dec ecx |
mov edx, eax |
dec esp |
mov ecx, edx |
dec esp |
mov edx, ebx |
call 00007FBDA0685C64h |
dec eax |
mov eax, dword ptr [00001A14h] |
dec eax |
mov ecx, dword ptr [00001A15h] |
dec eax |
mov edx, dword ptr [00001A16h] |
dec eax |
mov dword ptr [ebp-18h], eax |
dec eax |
mov eax, dword ptr [edx] |
dec ecx |
mov eax, eax |
dec eax |
mov eax, dword ptr [ecx] |
dec ecx |
mov ebx, eax |
dec eax |
mov eax, dword ptr [ebp-18h] |
mov eax, dword ptr [eax] |
dec ecx |
mov edx, eax |
dec esp |
mov ecx, edx |
dec esp |
mov edx, ebx |
call 00007FBDA0685A5Dh |
dec ecx |
mov edx, eax |
dec esp |
mov ecx, edx |
call 00007FBDA0685C28h |
leave |
ret |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2e90 | 0x3c | .data |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x4000 | 0x48 | .pdata |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2ecc | 0x70 | .data |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x600 | 0x600 | 197fd3d5b07a8d936b870b3f58a74469 | False | 0.4772135416666667 | data | 5.203220192372681 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.data | 0x2000 | 0x104c | 0x1200 | ad5daca617571f32a4fbe87449901987 | False | 0.3802083333333333 | data | 3.233730211325264 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.pdata | 0x4000 | 0x48 | 0x200 | c7576e62cbb6bf0fcc477178658cba89 | False | 0.1015625 | data | 0.6043702230123598 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
DLL | Import |
---|---|
msvcrt.dll | memset, srand, rand, _time64, __set_app_type, _controlfp, __argc, __argv, _environ, __getmainargs, exit |
kernel32.dll | VirtualAlloc |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
04/19/24-19:11:26.386447 | TCP | 2035651 | ET TROJAN Meterpreter or Other Reverse Shell SSL Cert | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.165894032 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.165899038 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.165915966 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.165930033 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.165941000 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.165951014 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.165958881 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.165976048 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.165985107 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.165997028 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.166018963 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.166042089 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.510474920 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.510540962 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.510581017 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.510584116 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.510616064 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.510622978 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.510633945 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.510662079 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.510662079 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.510700941 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.510700941 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.510737896 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.510740995 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.510775089 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.510781050 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.510812044 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.510813951 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.510848999 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.510849953 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.510886908 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.510889053 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.510924101 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.510925055 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.510962009 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.510963917 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.510999918 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.510999918 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.511039019 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.511039972 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.511075020 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.511076927 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.511113882 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.511113882 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.511151075 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.511152029 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.511188984 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.511189938 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.511225939 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.511226892 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.511264086 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.511265993 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.511301041 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.511301994 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.511338949 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.511341095 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.511375904 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.511377096 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.511413097 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.511416912 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.511450052 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.511451006 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.511487007 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.511490107 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.511523962 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.511523962 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.511563063 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.511564970 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.511600971 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.511606932 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.511639118 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.511639118 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.511676073 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.511677027 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.511713982 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.511717081 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.511749983 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.511750937 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.511790037 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.511790037 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.511826038 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.511826992 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.511864901 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.511864901 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.511902094 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.511903048 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.511940956 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.511946917 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.511984110 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.511985064 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.512037039 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.854603052 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.854665041 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.854706049 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.854737043 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.854744911 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.854737043 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.854780912 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.854808092 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.854808092 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.854819059 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.854832888 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.854856014 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.854876041 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.854892969 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.854904890 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.854986906 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.855012894 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.855025053 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.855035067 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.855062008 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.855073929 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.855101109 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.855118036 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.855139971 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.855154037 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.855179071 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.855190992 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.855216980 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.855235100 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.855254889 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.855274916 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.855304003 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.855313063 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.855350971 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.855364084 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.855387926 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.855403900 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.855427027 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.855439901 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.855465889 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.855477095 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.855504036 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.855518103 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.855540991 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.855554104 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.855577946 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.855592966 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.855616093 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.855628967 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.855654001 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.855669022 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.855691910 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.855706930 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.855727911 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.855741978 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.855766058 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.855776072 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.855803013 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.855817080 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.855840921 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.855851889 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.855878115 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.855891943 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.855914116 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.855927944 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.855952024 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.855967045 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.855989933 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.856019974 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.856028080 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.856045008 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.856065989 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.856074095 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.856122971 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.856146097 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.856162071 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.856182098 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.856199980 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.856208086 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.856236935 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.856245041 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.856272936 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.856287003 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.856312037 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.856326103 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.856352091 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.856360912 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.856388092 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.856400967 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.856425047 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.856437922 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.856462955 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.856477976 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.856501102 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.856513977 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.856539011 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.856555939 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.856583118 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.856595039 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.856621027 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.856640100 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.856657982 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.856673956 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.856694937 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.856712103 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.856733084 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.856748104 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.856771946 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.856782913 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.856807947 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.856822968 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.856847048 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.856858015 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.856883049 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.856897116 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.856921911 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.856933117 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.856959105 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.856971979 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.856997013 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.857008934 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.857034922 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.857049942 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.857074022 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.857086897 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.857110977 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.857121944 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.857148886 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.857172012 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.857186079 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.857194901 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.857223034 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.857238054 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.857261896 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.857271910 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.857299089 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.857314110 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.857336044 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.857347965 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.857373953 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.857388020 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.857413054 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.857426882 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.857451916 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.857466936 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.857490063 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.857502937 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.857527971 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.857539892 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.857566118 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.857578993 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.857603073 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.857619047 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.857640982 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.857656002 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.857678890 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.857692957 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.857719898 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:29.857728004 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:29.857769966 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:30.202625990 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:30.202681065 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:30.202721119 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:30.202739954 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:30.202759981 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:30.202779055 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:30.202779055 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:30.202797890 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:30.202833891 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:30.202836037 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:30.202845097 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:30.202877998 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:30.202883959 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:30.202915907 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:30.202927113 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:30.202955008 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:30.202971935 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:30.202994108 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:30.203001022 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:30.203033924 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:30.203044891 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:30.203072071 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:30.203092098 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:30.203109980 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:30.203128099 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:30.203170061 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:30.203176022 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:30.203229904 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:30.203232050 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:30.203269005 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:30.203284025 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:30.203310013 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:30.203321934 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:30.203347921 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:30.203363895 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:30.203387022 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:30.203399897 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:30.203427076 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:30.203438997 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:30.203464985 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:30.203476906 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:30.203505039 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:30.203537941 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:30.203543901 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:30.203558922 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:30.203583002 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:30.203593016 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:30.203622103 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:30.203634024 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:30.203660965 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:30.203671932 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:30.203700066 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:30.203711987 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:30.203738928 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:30.203749895 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:30.203775883 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:30.203785896 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:30.203814983 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:30.203829050 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:30.203854084 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:30.203867912 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:30.203892946 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:30.203906059 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:30.203931093 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:30.203943968 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:30.203967094 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:30.203980923 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:30.204004049 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:30.204014063 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:30.204041958 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:30.204051018 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:30.204081059 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:30.204092979 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:30.204129934 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Apr 19, 2024 19:11:30.204138041 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:30.204179049 CEST | 63306 | 49710 | 47.120.39.182 | 192.168.2.6 |
Apr 19, 2024 19:11:30.204190969 CEST | 49710 | 63306 | 192.168.2.6 | 47.120.39.182 |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 19, 2024 19:11:26.579339981 CEST | 1.1.1.1 | 192.168.2.6 | 0x317 | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false | ||
Apr 19, 2024 19:11:26.579339981 CEST | 1.1.1.1 | 192.168.2.6 | 0x317 | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
Apr 19, 2024 19:12:43.400054932 CEST | 1.1.1.1 | 192.168.2.6 | 0x3804 | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
Apr 19, 2024 19:12:43.400054932 CEST | 1.1.1.1 | 192.168.2.6 | 0x3804 | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false |
Target ID: | 0 |
Start time: | 19:11:23 |
Start date: | 19/04/2024 |
Path: | C:\Users\user\Desktop\WCcNzb83Y3.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 7'168 bytes |
MD5 hash: | 24D8F60111E8DB49789E0582E3F69146 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | false |
Execution Graph
Execution Coverage: | 1.5% |
Dynamic/Decrypted Code Coverage: | 93.3% |
Signature Coverage: | 6% |
Total number of Nodes: | 149 |
Total number of Limit Nodes: | 3 |
Function 02B9E3A0 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 152networkfileCOMMONLIBRARYCODE
Function 02BA455C Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 116stringCOMMONLIBRARYCODE
Function 02B9D780 Relevance: 10.9, APIs: 7, Instructions: 395memoryfileCOMMONLIBRARYCODE
Function 02B91184 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 39encryptionCOMMONLIBRARYCODE
Function 02B9CA74 Relevance: 10.8, APIs: 6, Strings: 1, Instructions: 268COMMONLIBRARYCODE
Function 001B012C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 99networkmemoryfileCOMMON
Function 02B9EC3C Relevance: 4.6, APIs: 3, Instructions: 66networkCOMMONLIBRARYCODE
Function 00401000 Relevance: 4.0, APIs: 3, Instructions: 218COMMON
Function 001B02D5 Relevance: 3.1, APIs: 2, Instructions: 82memoryfilenetworkCOMMON
Function 02BA1458 Relevance: 3.1, APIs: 2, Instructions: 57memoryCOMMONLIBRARYCODE
Function 030C7853 Relevance: 1.4, APIs: 1, Instructions: 136memoryCOMMON
Function 00401460 Relevance: .0, Instructions: 50COMMON
Function 00401422 Relevance: .0, Instructions: 7COMMON
Function 00401410 Relevance: .0, Instructions: 6COMMON
Function 02BA6C98 Relevance: 64.0, APIs: 32, Strings: 4, Instructions: 969COMMONLIBRARYCODE
Function 02BB22B4 Relevance: 47.7, APIs: 26, Strings: 1, Instructions: 460COMMONLIBRARYCODE
Function 02BAE2C8 Relevance: 35.7, APIs: 19, Strings: 1, Instructions: 687COMMONLIBRARYCODE
Function 030CD70F Relevance: 30.8, APIs: 16, Strings: 1, Instructions: 1022COMMONLIBRARYCODE
Function 02BA61A8 Relevance: 26.0, APIs: 10, Strings: 7, Instructions: 545COMMONLIBRARYCODE
Function 02BA0ED4 Relevance: 24.6, APIs: 10, Strings: 4, Instructions: 150filetimeCOMMON
Function 02BA779C Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 87fileCOMMON
Function 02BA29DC Relevance: 10.6, APIs: 7, Instructions: 98memoryinjectionCOMMONLIBRARYCODE
Function 02BA50E0 Relevance: 9.1, APIs: 6, Instructions: 60networkCOMMON
Function 02BA4CD8 Relevance: 9.1, APIs: 6, Instructions: 57networkCOMMON
Function 02BA2258 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 64memoryinjectionCOMMONLIBRARYCODE
Function 02B9F5C8 Relevance: 7.6, APIs: 5, Instructions: 61sleepCOMMON
Function 02BAAF84 Relevance: 7.6, APIs: 5, Instructions: 53networkCOMMONLIBRARYCODE
Function 02BAA754 Relevance: 4.5, APIs: 3, Instructions: 34memoryCOMMONLIBRARYCODE
Function 02BB82B0 Relevance: 3.4, Strings: 2, Instructions: 884COMMON
Function 02B9FBD4 Relevance: 1.5, APIs: 1, Instructions: 33pipeCOMMON
Function 02BB9AF0 Relevance: .6, Instructions: 617COMMON
Function 02BB9180 Relevance: .6, Instructions: 592COMMON
Function 030BCBC7 Relevance: .6, Instructions: 558COMMONLIBRARYCODE
Function 02B9A280 Relevance: .4, Instructions: 404COMMON
Function 02B99D6C Relevance: .4, Instructions: 367COMMON
Function 02BBE020 Relevance: .2, Instructions: 189COMMONLIBRARYCODE
Function 02BBE2B0 Relevance: .2, Instructions: 151COMMONLIBRARYCODE
Function 02BB8E97 Relevance: .1, Instructions: 134COMMON
Function 02BBE4C0 Relevance: .0, Instructions: 49COMMONLIBRARYCODE
Function 02BBE4C8 Relevance: .0, Instructions: 46COMMONLIBRARYCODE
Function 02BBE080 Relevance: .0, Instructions: 1COMMON
Function 02BA5248 Relevance: 22.7, APIs: 15, Instructions: 195networkCOMMONLIBRARYCODE
Function 02BA9DE4 Relevance: 19.7, APIs: 13, Instructions: 238stringCOMMONLIBRARYCODE
Function 02B9E8D4 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 130networksleepCOMMONLIBRARYCODE
Function 02BA233C Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 113threadsleeplibraryCOMMONLIBRARYCODE
Function 02BA5970 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 73networkCOMMON
Function 02BA288C Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 85filelibraryloaderCOMMONLIBRARYCODE
Function 02BA5864 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 57networksleepCOMMON
Function 02BA02EC Relevance: 13.6, APIs: 9, Instructions: 109threadinjectionCOMMON
Function 02BA4394 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 113COMMONLIBRARYCODE
Function 030B3A53 Relevance: 11.6, APIs: 9, Instructions: 305COMMON
Function 02BA071C Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 128processCOMMONLIBRARYCODE
Function 02BA25CC Relevance: 10.6, APIs: 7, Instructions: 71threadinjectionlibraryCOMMONLIBRARYCODE
Function 02BA40A0 Relevance: 10.6, APIs: 7, Instructions: 52COMMON
Function 02BA0938 Relevance: 9.1, APIs: 6, Instructions: 126COMMON
Function 02B9E720 Relevance: 9.1, APIs: 6, Instructions: 108networkCOMMONLIBRARYCODE
Function 02BA5594 Relevance: 9.1, APIs: 6, Instructions: 99networkCOMMONLIBRARYCODE
Function 030CBA07 Relevance: 9.1, APIs: 6, Instructions: 94COMMON
Function 02BA2BC8 Relevance: 9.1, APIs: 6, Instructions: 72threadinjectionCOMMONLIBRARYCODE
Function 02BAC5C0 Relevance: 9.1, APIs: 6, Instructions: 65COMMON
Function 02B9F810 Relevance: 9.1, APIs: 6, Instructions: 58fileCOMMON
Function 02BAB0E4 Relevance: 9.0, APIs: 5, Strings: 1, Instructions: 45COMMONLIBRARYCODE
Function 02B9EE74 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 87COMMONLIBRARYCODE
Function 02BA24E8 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 37libraryloaderthreadCOMMONLIBRARYCODE
Function 030BFD7F Relevance: 7.7, APIs: 5, Instructions: 205COMMON
Function 030D553B Relevance: 7.7, APIs: 5, Instructions: 201COMMON
Function 030B4937 Relevance: 7.7, APIs: 6, Instructions: 175COMMON
Function 030CC044 Relevance: 7.7, APIs: 5, Instructions: 169COMMON
Function 030C6BE3 Relevance: 7.6, APIs: 6, Instructions: 142COMMON
Function 02BB6A44 Relevance: 7.6, APIs: 5, Instructions: 93COMMON
Function 030BEC57 Relevance: 7.6, APIs: 5, Instructions: 90fileCOMMON
Function 02B9D0D8 Relevance: 7.6, APIs: 5, Instructions: 78memoryCOMMONLIBRARYCODE
Function 02BA795C Relevance: 7.6, APIs: 5, Instructions: 58filememoryCOMMONLIBRARYCODE
Function 02B9D580 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 135COMMONLIBRARYCODE
Function 02BAAA24 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 70COMMONLIBRARYCODE
Function 02BAB800 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 42COMMONLIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02BA2B28 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 41 libraryloader COMMON LIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02B9FF18 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 20 libraryloader COMMON LIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02BA1388 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 15 libraryloader COMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02BA1350 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 15 libraryloader COMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 030CA52B Relevance: 6.3, APIs: 5, Instructions: 76 COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 030DA91F Relevance: 6.1, APIs: 4, Instructions: 84 string COMMON LIBRARYCODE
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02BBB4D8 Relevance: 6.1, APIs: 4, Instructions: 62 string COMMON LIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02BAA324 Relevance: 6.0, APIs: 4, Instructions: 41 threadsleep COMMON LIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02BAB054 Relevance: 6.0, APIs: 4, Instructions: 39 network COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02BAB190 Relevance: 6.0, APIs: 4, Instructions: 15 COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02BA7730 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22 COMMON LIBRARYCODE
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |