Windows Analysis Report: jXBjxhHQgR.exe
Overview
General Information
Sample name: | jXBjxhHQgR.exe (renamed because original name is a hash value) |
Original sample name: | 8305c45696b7e6763ff343ca024682d1.exe |
Analysis ID: | 1444168 |
MD5: | 8305c45696b7e6763ff343ca024682d1 |
SHA1: | b645f3fe56ac86ffde7d0e72ef48cd3eb4f48220 |
SHA256: | 649a88ef17dafb0bd1f0d55e752de143e2428927dd5e754b65b5b4b251069c1e |
Tags: | 32, CMSBrute, exe, trojan |
Detection
CMSBrute
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected CMSBrute
Contains functionality to inject code into remote processes
Drops PE files with benign system names
Found Tor onion address
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
May use the Tor software to hide its network traffic
Sigma detected: Files With System Process Name In Unsuspected Locations
Sigma detected: Potentially Suspicious Malware Callback Communication
Sigma detected: Suspicious Process Parents
Sigma detected: System File Execution Location Anomaly
Connects to several IPs in different countries
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found evasive API chain (may stop execution after checking a module file name)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Communication To Uncommon Destination Ports
Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match
Classification
- System is w10x64
- jXBjxhHQgR.exe (PID: 6112 cmdline: "C:\Users\user\Desktop\jXBjxhHQgR.exe" MD5: 8305C45696B7E6763FF343CA024682D1)
- jXBjxhHQgR.exe (PID: 4412 cmdline: "C:\Users\user\Desktop\jXBjxhHQgR.exe" MD5: 8305C45696B7E6763FF343CA024682D1)
- csrss.exe (PID: 2792 cmdline: "C:\ProgramData\Drivers\csrss.exe" MD5: 8305C45696B7E6763FF343CA024682D1)
- csrss.exe (PID: 1468 cmdline: "C:\ProgramData\Drivers\csrss.exe" MD5: 8305C45696B7E6763FF343CA024682D1)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
CMSBrute | No Attribution |
⊘No configs have been found
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
Windows_Trojan_RedLineStealer_ed346e4c | unknown | unknown |
| |
Windows_Trojan_RedLineStealer_ed346e4c | unknown | unknown |
|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_CMSBrute | Yara detected CMSBrute | Joe Security |
System Summary |
---|
Source: | Author: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems): |
Source: | Author: Florian Roth (Nextron Systems): |
Source: | Author: Florian Roth (Nextron Systems): |
Source: | Author: Florian Roth (Nextron Systems), Patrick Bareiss, Anton Kutepov, oscd.community, Nasreddine Bencherchali: |
Source: | Author: Florian Roth (Nextron Systems): |
Source: | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): |
Source: | Author: vburov: |
⊘No Snort rule has matched
AV Detection |
---|
Source: | Avira: |
Source: | Avira: |
Source: | ReversingLabs: | |||
Source: | Virustotal: | Perma Link |
Source: | ReversingLabs: | |||
Source: | Virustotal: | Perma Link |
Source: | Joe Sandbox ML: |
Source: | Joe Sandbox ML: |
Source: | Binary or memory string: | memstr_0fcf652c-5 |
Source: | Static PE information: |
Source: | HTTPS traffic detected: | ||
Networking |
---|
Source: | String found in binary or memory: |
Source: | Network traffic detected: |
Source: | TCP traffic: | ||
Source: | IP Address: | ||
Source: | JA3 fingerprint: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | String found in binary or memory: | ||
Source: | Network traffic detected: | ||
Source: | HTTPS traffic detected: | ||
E-Banking Fraud |
---|
Source: | File source: |
System Summary |
---|
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Code function: | 0_2_02450110 | |
Source: | Code function: | 3_2_02800110 |
Source: | Code function: | 0_2_0040F87A | |
Source: | Code function: | 0_2_00411897 | |
Source: | Code function: | 0_2_004039D9 | |
Source: | Code function: | 0_2_0040F308 | |
Source: | Code function: | 0_2_0040C7F0 |
Source: | Code function: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Classification label: |
Source: | Code function: | 0_2_022917C6 |
Source: | Mutant created: |
Source: | File created: |
Source: | Static PE information: |
Source: | File read: |
Source: | Key opened: |
Source: | ReversingLabs: | ||
Source: | Virustotal: |
Source: | File read: |
Source: | Process created: |
Source: | Section loaded: |
Source: | Key value queried: |
Source: | Static file information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Code function: | 0_2_00411AEA | |
Source: | Code function: | 0_2_00404F38 | |
Source: | Code function: | 0_2_02338A36 | |
Source: | Code function: | 0_2_023EBA53 | |
Source: | Code function: | 0_2_023EBAB7 | |
Source: | Code function: | 0_2_023DFAEB | |
Source: | Code function: | 0_2_023042C9 | |
Source: | Code function: | 0_2_0231C3F3 | |
Source: | Code function: | 3_2_0275AA33 | |
Source: | Code function: | 3_2_026A7A16 | |
Source: | Code function: | 3_2_0274EACB | |
Source: | Code function: | 3_2_026732A9 | |
Source: | Code function: | 3_2_0275AA97 | |
Source: | Code function: | 3_2_0268B3D3 | |
Source: | Code function: | 5_2_006962AC |
Persistence and Installation Behavior |
---|
Source: | File created: | Jump to dropped file |
Source: | File created: | Jump to dropped file |
Source: | File created: | Jump to dropped file |
Source: | Registry value created or modified: | Jump to behavior | ||
Source: | Registry value created or modified: | Jump to behavior |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | Binary or memory string: |
Source: | Code function: | 0_2_004039D9 |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | Evasive API call chain: | graph_0-8553 |
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | Last function: | ||
Source: | Last function: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | API call chain: | graph_0-8555 |
Source: | Process information queried: | Jump to behavior |
Source: | Code function: | 0_2_0040D1F4 |
Source: | Code function: | 0_2_0040D1F4 |
Source: | Code function: | 0_2_022910A3 | |
Source: | Code function: | 0_2_02450042 | |
Source: | Code function: | 3_2_02600083 | |
Source: | Code function: | 3_2_02800042 |
Source: | Code function: | 0_2_0041154F |
Source: | Code function: | 0_2_00407176 | |
Source: | Code function: | 0_2_004071A7 |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Code function: | 0_2_02450110 |
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior |
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Code function: | 0_2_004043D6 |
Source: | Queries volume information: | Jump to behavior |
Source: | Code function: | 0_2_00408873 |
Source: | Key value queried: | Jump to behavior |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 Registry Run Keys / Startup Folder | 211 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Time Discovery | Remote Services | 11 Archive Collected Data | 12 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 Registry Run Keys / Startup Folder | 1 Virtualization/Sandbox Evasion | LSASS Memory | 131 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 211 Process Injection | Security Account Manager | 1 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Multi-hop Proxy | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Deobfuscate/Decode Files or Information | NTDS | 2 Process Discovery | Distributed Component Object Model | Input Capture | 1 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 2 Obfuscated Files or Information | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | 2 Proxy | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 1 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 23 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
42% | ReversingLabs | |||
46% | Virustotal | Browse | ||
100% | Avira | HEUR/AGEN.1311176 | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira | HEUR/AGEN.1311176 | ||
100% | Joe Sandbox ML | |||
42% | ReversingLabs | |||
46% | Virustotal | Browse |
⊘No Antivirus matches
⊘No Antivirus matches
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
1% | Virustotal | Browse |
⊘No contacted domains info
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | true | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
IP |
---|
127.0.0.1 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1444168 |
Start date and time: | 2024-05-20 09:22:10 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 7m 45s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 8 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | jXBjxhHQgR.exe (renamed because original name is a hash value) |
Original Sample Name: | 8305c45696b7e6763ff343ca024682d1.exe |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@6/9@0/79 |
EGA Information: |
|
HCA Information: | Failed |
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Execution Graph export aborted for target csrss.exe, PID 1468 because there are no executed functions
- HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description |
---|---|---|
03:23:40 | API Interceptor | |
03:23:55 | API Interceptor | |
09:23:06 | Autostart |
Match | Detection | Threat Name |
---|---|---|
171.25.193.9 | malicious | SystemBC |
171.25.193.9 | malicious | SystemBC |
171.25.193.9 | malicious | SystemBC |
171.25.193.9 | malicious | Unknown |
171.25.193.9 | malicious | Unknown |
171.25.193.9 | malicious | Unknown |
171.25.193.9 | malicious | TinyNuke |
171.25.193.9 | malicious | Kronos |
171.25.193.9 | malicious | Kronos |
171.25.193.9 | malicious | Kronos |
178.254.31.125 | malicious | Unknown |
178.254.31.125 | malicious | Glupteba, LummaC Stealer, SmokeLoader, Socks5Systemz, Stealc |
178.254.31.125 | malicious | Glupteba, LummaC Stealer, RedLine, RisePro Stealer, SmokeLoader |
178.254.31.125 | malicious | Unknown |
135.148.54.98 | malicious | RedLine, SmokeLoader |
38.154.240.58 | malicious | LummaC, Glupteba, LummaC Stealer, SmokeLoader, Socks5Systemz, Stealc |
38.154.240.58 | malicious | BazaLoader |
45.66.33.45 | malicious | CMSBrute |
45.66.33.45 | malicious | Unknown |
45.66.33.45 | malicious | LummaC, Glupteba, LummaC Stealer, SmokeLoader, Stealc, Xmrig |
45.66.33.45 | malicious | LummaC, Glupteba, LummaC Stealer, Mars Stealer, SmokeLoader, Stealc, Vidar |
45.66.33.45 | malicious | LummaC, Glupteba, LummaC Stealer, SmokeLoader, Socks5Systemz, Stealc |
45.66.33.45 | malicious | Glupteba, LummaC Stealer, SmokeLoader, Stealc |
45.66.33.45 | malicious | LummaC, Glupteba, LummaC Stealer, SmokeLoader, Stealc, SystemBC |
45.66.33.45 | malicious | Glupteba, LummaC Stealer, SmokeLoader, Stealc, SystemBC, Xmrig |
45.66.33.45 | malicious | Glupteba, LummaC Stealer, SmokeLoader, Stealc, Xmrig |
45.66.33.45 | malicious | Glupteba, LummaC Stealer, SmokeLoader, Stealc |
⊘No context
Match | Detection | Threat Name |
---|---|---|
EVANZOASDE | malicious | Unknown |
EVANZOASDE | malicious | Mirai |
EVANZOASDE | malicious | Unknown |
EVANZOASDE | malicious | Glupteba, LummaC Stealer, SmokeLoader, Socks5Systemz, Stealc |
EVANZOASDE | malicious | Unknown |
EVANZOASDE | malicious | Glupteba, RedLine, SmokeLoader, Stealc |
EVANZOASDE | malicious | Glupteba, LummaC Stealer, RedLine, RisePro Stealer, SmokeLoader |
EVANZOASDE | malicious | LummaC Stealer, Petite Virus, RedLine, SmokeLoader, Socks5Systemz |
EVANZOASDE | malicious | RedLine, SmokeLoader |
EVANZOASDE | malicious | Unknown |
AVAYAUS | malicious | Mirai |
AVAYAUS | malicious | Mirai |
AVAYAUS | malicious | Mirai |
AVAYAUS | malicious | Mirai |
AVAYAUS | malicious | Mirai |
AVAYAUS | malicious | Mirai |
AVAYAUS | malicious | Mirai |
AVAYAUS | malicious | Unknown |
AVAYAUS | malicious | Unknown |
AVAYAUS | malicious | Unknown |
COGENT-174US | malicious | Remcos, GuLoader |
COGENT-174US | malicious | Mirai |
COGENT-174US | malicious | Mirai |
COGENT-174US | malicious | Mirai |
COGENT-174US | malicious | FormBook |
COGENT-174US | malicious | Mirai |
COGENT-174US | malicious | Mirai |
COGENT-174US | malicious | Unknown |
COGENT-174US | malicious | SystemBC |
COGENT-174US | malicious | Babadeda, Blank Grabber, Osno |
HETZNER-ASDE | malicious | FormBook |
HETZNER-ASDE | malicious | Unknown |
HETZNER-ASDE | malicious | Unknown |
HETZNER-ASDE | malicious | Unknown |
HETZNER-ASDE | malicious | SystemBC |
HETZNER-ASDE | malicious | Vidar |
HETZNER-ASDE | malicious | Babadeda, Blank Grabber, Osno |
HETZNER-ASDE | malicious | Vidar |
HETZNER-ASDE | malicious | CryptOne, Vidar |
HETZNER-ASDE | malicious | CryptOne, Vidar |
DFRI-ASForeningenfordigitalafri-ochrattigheterSE | malicious | CMSBrute |
DFRI-ASForeningenfordigitalafri-ochrattigheterSE | malicious | CMSBrute |
DFRI-ASForeningenfordigitalafri-ochrattigheterSE | malicious | Xmrig |
DFRI-ASForeningenfordigitalafri-ochrattigheterSE | malicious | Unknown |
DFRI-ASForeningenfordigitalafri-ochrattigheterSE | malicious | Unknown |
DFRI-ASForeningenfordigitalafri-ochrattigheterSE | malicious | Amadey, Glupteba, LummaC Stealer, Mars Stealer, SmokeLoader, Socks5Systemz, Stealc |
DFRI-ASForeningenfordigitalafri-ochrattigheterSE | malicious | Amadey, Glupteba, LummaC Stealer, Mars Stealer, SmokeLoader, Stealc, Vidar |
DFRI-ASForeningenfordigitalafri-ochrattigheterSE | malicious | LummaC, Glupteba, LummaC Stealer, SmokeLoader, Stealc, Xmrig |
DFRI-ASForeningenfordigitalafri-ochrattigheterSE | malicious | LummaC, Glupteba, LummaC Stealer, SmokeLoader, Socks5Systemz, Stealc, Xmrig |
DFRI-ASForeningenfordigitalafri-ochrattigheterSE | malicious | LummaC, Glupteba, LummaC Stealer, Mars Stealer, SmokeLoader, Socks5Systemz, Stealc |
Match | Detection | Threat Name |
---|---|---|
83d60721ecc423892660e275acc4dffd | malicious | CMSBrute |
83d60721ecc423892660e275acc4dffd | malicious | CMSBrute |
83d60721ecc423892660e275acc4dffd | malicious | Unknown |
83d60721ecc423892660e275acc4dffd | malicious | Unknown |
83d60721ecc423892660e275acc4dffd | malicious | Unknown |
83d60721ecc423892660e275acc4dffd | malicious | Unknown |
83d60721ecc423892660e275acc4dffd | malicious | Amadey, Glupteba, LummaC Stealer, Mars Stealer, SmokeLoader, Socks5Systemz, Stealc |
83d60721ecc423892660e275acc4dffd | malicious | LummaC, Amadey, Glupteba, LummaC Stealer, Mars Stealer, RedLine, SmokeLoader |
83d60721ecc423892660e275acc4dffd | malicious | Amadey, Glupteba, LummaC Stealer, Mars Stealer, SmokeLoader, Stealc, Vidar |
83d60721ecc423892660e275acc4dffd | malicious | LummaC, Glupteba, LummaC Stealer, Mars Stealer, SmokeLoader, Socks5Systemz, Stealc |
⊘No context
Process: | C:\Users\user\Desktop\jXBjxhHQgR.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1950208 |
Entropy (8bit): | 7.959914992966583 |
Encrypted: | false |
SSDEEP: | 49152:WlsJPNJLt1TzK2m8Q2AajccD1RTsTmeC2yHL+Hq:WOJPNJDm8Q2Q4Tf2Y6 |
MD5: | 8305C45696B7E6763FF343CA024682D1 |
SHA1: | B645F3FE56AC86FFDE7D0E72EF48CD3EB4F48220 |
SHA-256: | 649A88EF17DAFB0BD1F0D55E752DE143E2428927DD5E754B65B5B4B251069C1E |
SHA-512: | 0140F7B9F17EF4491E901EAE2B6D882975E679594E1D208FC13E19BC88670B274F7B36F79F94A0F03BAF1413C87AEB5CF42687D41AE4B85F9C98B7C38F54474A |
Malicious: | true |
Antivirus: |
|
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\jXBjxhHQgR.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 20852 |
Entropy (8bit): | 6.0533350090263625 |
Encrypted: | false |
SSDEEP: | 384:y/40VVq1h8PXt9MY4JVtG1hIcCy5U411HVz1h7b50IU4mV91h5/ea4igBVA1hrqw:oJiO9BELGf/Wmxvb+3jnt2a9gBSySyLu |
MD5: | E4AFF22D0F098D3FFE3BB5DCD93A4E7F |
SHA1: | EE1330D68C176F2FCD03BA0AB684E99EC02FDE47 |
SHA-256: | 99D9C86697CFBE13981752FAF0980122B95FAE9FF1CD6EAF828D72E52CD40BC9 |
SHA-512: | 3BA7D72C586CA88D3380E2810302227C86E959183D4CBBE1A7E62F6E019937AD7EBFE3ECB6930BD3C315D84510DA09DE8A3BA4F309687B19DA7EDFB40EC2AB10 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\jXBjxhHQgR.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2602942 |
Entropy (8bit): | 5.609188387971644 |
Encrypted: | false |
SSDEEP: | 12288:ZrvOrwNzZoGSfoKbtYtJhx5x2MRexCMOqtsZAsCXByqX5Sb:ZrTNzRJBRMxOobsCAs5+ |
MD5: | 85989AD48363B4F972FFFB50C90CD77F |
SHA1: | 0D1570E8EF32E485917011BA6BBFC313133D0D61 |
SHA-256: | C598182A7CA2FF63DCE744A72C5CF877DECDDD339A3AE88921B12D97C5F9C50D |
SHA-512: | 3C522410A466CA0F2C0286D5738E7FD28A2E0440281D091F363C60103B72B4D28C670A5CCD7986C8A8CF10E2DEF857EC5F628190FF873FEAD57FB4DA229F7181 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\jXBjxhHQgR.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 9790 |
Entropy (8bit): | 5.30326842218623 |
Encrypted: | false |
SSDEEP: | 192:HbydFlUfLONQGC4zvM4Ik4yZjvN/SgT5z2tKoWL:7ydXUfKNQjEdI3gsi |
MD5: | 1619B2A5FB6DF383CACE463E5CEE6FCA |
SHA1: | 25B3A97CA58C5036AC740A9E489006AD6942B6DF |
SHA-256: | 3EA62B92962EF8FFADA7F29331AEAA3BBABB6616D85A02DBFB790022BCB0442D |
SHA-512: | E59A30A373408FD6944C5C30B7CB552F7A505763CAE2EB99F92626BF8A09EC9A865809472AFFDA117542BED72FBF63AF43F07DC7F647E7FF3CDA5461BA0183D3 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\jXBjxhHQgR.exe |
File Type: | |
Category: | modified |
Size (bytes): | 9790 |
Entropy (8bit): | 5.30326842218623 |
Encrypted: | false |
SSDEEP: | 192:HbydFlUfLONQGC4zvM4Ik4yZjvN/SgT5z2tKoWL:7ydXUfKNQjEdI3gsi |
MD5: | 1619B2A5FB6DF383CACE463E5CEE6FCA |
SHA1: | 25B3A97CA58C5036AC740A9E489006AD6942B6DF |
SHA-256: | 3EA62B92962EF8FFADA7F29331AEAA3BBABB6616D85A02DBFB790022BCB0442D |
SHA-512: | E59A30A373408FD6944C5C30B7CB552F7A505763CAE2EB99F92626BF8A09EC9A865809472AFFDA117542BED72FBF63AF43F07DC7F647E7FF3CDA5461BA0183D3 |
Malicious: | false |
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 7.959914992966583 |
TrID: |
|
File name: | jXBjxhHQgR.exe |
File size: | 1'950'208 bytes |
MD5: | 8305c45696b7e6763ff343ca024682d1 |
SHA1: | b645f3fe56ac86ffde7d0e72ef48cd3eb4f48220 |
SHA256: | 649a88ef17dafb0bd1f0d55e752de143e2428927dd5e754b65b5b4b251069c1e |
SHA512: | 0140f7b9f17ef4491e901eae2b6d882975e679594e1d208fc13e19bc88670b274f7b36f79f94a0f03baf1413c87aeb5cf42687d41ae4b85f9c98b7c38f54474a |
SSDEEP: | 49152:WlsJPNJLt1TzK2m8Q2AajccD1RTsTmeC2yHL+Hq:WOJPNJDm8Q2Q4Tf2Y6 |
TLSH: | C495230335D7C031E9B7C135582486F54A3BFC329923DADB676C2B0FA4761A28A376B5 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........[7..:Y..:Y..:Y..h...:Y..h...:Y..h...:Y..B...:Y..:X..:Y.1....:Y..h...:Y.1....:Y.Rich.:Y.........................PE..L....[.c... |
Icon Hash: | 71514529494c444b |
Entrypoint: | 0x403d86 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | NX_COMPAT, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x63F95BC9 [Sat Feb 25 00:52:25 2023 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 1 |
File Version Major: | 5 |
File Version Minor: | 1 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 1 |
Import Hash: | 37b83adc183001c9e38660b73f251c40 |
Instruction |
---|
call 00007F218C7DFB2Dh |
jmp 00007F218C7DAEC4h |
cmp ecx, dword ptr [00419428h] |
jne 00007F218C7DB044h |
rep ret |
jmp 00007F218C7DFC9Ch |
push ebp |
mov ebp, esp |
sub esp, 20h |
push esi |
push edi |
push 00000008h |
pop ecx |
mov esi, 004130E0h |
lea edi, dword ptr [ebp-20h] |
rep movsd |
mov esi, dword ptr [ebp+0Ch] |
mov edi, dword ptr [ebp+08h] |
test esi, esi |
je 00007F218C7DB055h |
test byte ptr [esi], 00000010h |
je 00007F218C7DB050h |
mov ecx, dword ptr [edi] |
sub ecx, 04h |
push ecx |
mov eax, dword ptr [ecx] |
mov esi, dword ptr [eax+18h] |
call dword ptr [eax+20h] |
mov dword ptr [ebp-08h], edi |
mov dword ptr [ebp-04h], esi |
test esi, esi |
je 00007F218C7DB04Eh |
test byte ptr [esi], 00000008h |
je 00007F218C7DB049h |
mov dword ptr [ebp-0Ch], 01994000h |
lea eax, dword ptr [ebp-0Ch] |
push eax |
push dword ptr [ebp-10h] |
push dword ptr [ebp-1Ch] |
push dword ptr [ebp-20h] |
call dword ptr [00412098h] |
pop edi |
pop esi |
mov esp, ebp |
pop ebp |
retn 0008h |
push eax |
push dword ptr fs:[00000000h] |
lea eax, dword ptr [esp+0Ch] |
sub esp, dword ptr [esp+0Ch] |
push ebx |
push esi |
push edi |
mov dword ptr [eax], ebp |
mov ebp, eax |
mov eax, dword ptr [00419428h] |
xor eax, ebp |
push eax |
mov dword ptr [ebp-10h], esp |
push dword ptr [ebp-04h] |
mov dword ptr [ebp-04h], FFFFFFFFh |
lea eax, dword ptr [ebp-0Ch] |
mov dword ptr fs:[00000000h], eax |
ret |
push ebp |
mov ebp, esp |
push esi |
cld |
mov esi, dword ptr [ebp+0Ch] |
mov ecx, dword ptr [esi+08h] |
xor ecx, esi |
call 00007F218C7DAF8Bh |
push 00000000h |
push esi |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x183d4 | 0x64 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x21b000 | 0xa810 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x18438 | 0x1c | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x178b8 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x12000 | 0x164 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x10b33 | 0x10c00 | a586dc1c1bcbae50023233037b66bb59 | False | 0.6024661847014925 | data | 6.705983144416262 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x12000 | 0x6bf2 | 0x6c00 | 34898aa02e7f8adb08110703eeb76928 | False | 0.3904079861111111 | data | 4.736117568977362 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x19000 | 0x201308 | 0x1b9c00 | 6e375cace8477e6abf70b8be6f6e553e | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x21b000 | 0xa810 | 0xaa00 | 991d710e835cc3a012f3f76b89f60075 | False | 0.45762867647058825 | data | 5.070490495297634 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
AFX_DIALOG_LAYOUT | 0x222700 | 0x2 | data | | | 5.0 |
YUYE | 0x221390 | 0x136f | ASCII text, with very long lines (4975), with no line terminators | Japanese | Japan | 0.594572864321608 |
RT_CURSOR | 0x222708 | 0x330 | Device independent bitmap graphic, 48 x 96 x 1, image size 0 | | | 0.1948529411764706 |
RT_CURSOR | 0x222a38 | 0x130 | Device independent bitmap graphic, 32 x 64 x 1, image size 0 | | | 0.33223684210526316 |
RT_CURSOR | 0x222b90 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | | | 0.2953091684434968 |
RT_CURSOR | 0x223a38 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | | | 0.46705776173285196 |
RT_CURSOR | 0x2242e0 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | | | 0.5361271676300579 |
RT_ICON | 0x21b4f0 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | Japanese | Japan | 0.43230277185501065 |
RT_ICON | 0x21c398 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | Japanese | Japan | 0.555956678700361 |
RT_ICON | 0x21cc40 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | Japanese | Japan | 0.581221198156682 |
RT_ICON | 0x21d308 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | Japanese | Japan | 0.601878612716763 |
RT_ICON | 0x21d870 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | Japanese | Japan | 0.445643153526971 |
RT_ICON | 0x21fe18 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | Japanese | Japan | 0.4915572232645403 |
RT_ICON | 0x220ec0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Japanese | Japan | 0.5203900709219859 |
RT_STRING | 0x224ad0 | 0x42e | data | Japanese | Japan | 0.4532710280373832 |
RT_STRING | 0x224f00 | 0x66e | data | Japanese | Japan | 0.43195625759416767 |
RT_STRING | 0x225570 | 0x29a | StarOffice Gallery theme e, 0 objects | Japanese | Japan | 0.48348348348348347 |
RT_GROUP_CURSOR | 0x222b68 | 0x22 | data | | | 1.0294117647058822 |
RT_GROUP_CURSOR | 0x224848 | 0x30 | data | | | 0.9375 |
RT_GROUP_ICON | 0x221328 | 0x68 | data | Japanese | Japan | 0.6826923076923077 |
RT_VERSION | 0x224878 | 0x258 | data | | | 0.535 |
DLL | Import |
---|---|
KERNEL32.dll | GetTickCount, TzSpecificLocalTimeToSystemTime, WriteConsoleW, GetSystemDirectoryA, SetComputerNameExW, IsBadStringPtrA, GetLastError, SetLastError, GetProcAddress, LoadLibraryA, GetConsoleAliasA, GetNumberFormatW, CreateEventW, RemoveDirectoryW, GetModuleFileNameA, BuildCommDCBA, VirtualProtect, PurgeComm, SetFileAttributesW, GetVolumeInformationW, CloseHandle, CreateFileW, GetStringTypeW, LocalAlloc, LoadLibraryExW, OutputDebugStringW, GetConsoleCP, IsProcessorFeaturePresent, EncodePointer, DecodePointer, ExitProcess, GetModuleHandleExW, AreFileApisANSI, MultiByteToWideChar, WideCharToMultiByte, GetCommandLineW, RaiseException, RtlUnwind, IsDebuggerPresent, HeapAlloc, HeapSize, EnterCriticalSection, LeaveCriticalSection, HeapFree, ReadFile, SetFilePointerEx, DeleteCriticalSection, UnhandledExceptionFilter, SetUnhandledExceptionFilter, InitializeCriticalSectionAndSpinCount, Sleep, GetCurrentProcess, TerminateProcess, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetStartupInfoW, GetModuleHandleW, GetStdHandle, WriteFile, GetModuleFileNameW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetCurrentThreadId, GetProcessHeap, GetFileType, QueryPerformanceCounter, GetCurrentProcessId, GetSystemTimeAsFileTime, GetEnvironmentStringsW, FreeEnvironmentStringsW, HeapReAlloc, LCMapStringW, GetConsoleMode, ReadConsoleW, SetStdHandle, FlushFileBuffers, SetEndOfFile |
USER32.dll | GetMenuItemID, ChangeDisplaySettingsW |
GDI32.dll | GetCharWidthI |
ole32.dll | CoMarshalHresult |
Language of compilation system | Country where language is spoken |
---|---|
Japanese | Japan |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 20, 2024 09:23:50.858804941 CEST | 49729 | 80 | 192.168.2.6 | 171.25.193.9 |
May 20, 2024 09:23:50.859064102 CEST | 80 | 49729 | 171.25.193.9 | 192.168.2.6 |
May 20, 2024 09:23:50.859100103 CEST | 80 | 49729 | 171.25.193.9 | 192.168.2.6 |
May 20, 2024 09:23:50.859112024 CEST | 49729 | 80 | 192.168.2.6 | 171.25.193.9 |
May 20, 2024 09:23:50.859141111 CEST | 49729 | 80 | 192.168.2.6 | 171.25.193.9 |
May 20, 2024 09:23:50.859636068 CEST | 80 | 49729 | 171.25.193.9 | 192.168.2.6 |
May 20, 2024 09:23:50.859669924 CEST | 80 | 49729 | 171.25.193.9 | 192.168.2.6 |
May 20, 2024 09:23:50.859685898 CEST | 49729 | 80 | 192.1 |