Windows
Analysis Report
UniverseCity.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- UniverseCity.exe (PID: 3836 cmdline: C:\Users\user\Desktop\UniverseCity.exe MD5: 2815815F0488B3D2307C3A914DDC1D7A)
- cleanup
{"C2 url": "185.206.213.32:42794", "Bot Id": "110", "Authorization Header": "e47b0f61fb0cc49a8eafd0acb2a1befc"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
 | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
 | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
 | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | |
 | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
Timestamp: | 11/24/22-19:43:22.900750 |
Source IP: | 192.168.2.4 |
Destination IP: | 185.206.213.32 |
SID: | 2850286 |
Source Port: | 49696 |
Destination Port: | 42794 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 11/24/22-19:43:19.130595 |
Source IP: | 192.168.2.4 |
Destination IP: | 185.206.213.32 |
SID: | 2850027 |
Source Port: | 49696 |
Destination Port: | 42794 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 11/24/22-19:43:20.869342 |
Source IP: | 185.206.213.32 |
Destination IP: | 192.168.2.4 |
SID: | 2850353 |
Source Port: | 42794 |
Destination Port: | 49696 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
AV Detection
Source: | Joe Sandbox ML: |
Source: | Malware Configuration Extractor: |
Source: | Static PE information: |
Source: | Binary string: |
Networking
Source: | Snort IDS: |
Source: | URLs: |
Source: | ASN Name: |
Source: | TCP traffic: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | String found in binary or memory: |
Source: | Static PE information: |
Source: | Binary or memory string: |
Source: | Key opened: |
Source: | Key value queried: |
Source: | WMI Queries: |
Source: | File created: |
Source: | Classification label: |
Source: | Section loaded: |
Source: | Static file information: |
Source: | Static PE information: |
Source: | Binary string: |
Data Obfuscation
Source: | Unpacked PE file: |
Source: | Static PE information: |
Source: | Process information set: |
Malware Analysis System Evasion
Source: | System information queried: |
Source: | File opened: |
Source: | WMI Queries: |
Source: | Thread sleep time: |
Source: | Thread sleep count: |
Source: | Thread delayed: |
Source: | Registry key enumerated: |
Source: | Window / User API: |
Source: | Registry key queried: |
Source: | WMI Queries: |
Source: | Process information queried: |
Source: | Thread delayed: |
Source: | System information queried: |
Anti Debugging
Source: | Thread information set: |
Source: | Open window title or class name: |
Source: | Process token adjusted: |
Source: | Process queried: |
Source: | Memory allocated: |
Source: | Queries volume information: |
Source: | Key value queried: |
Source: | WMI Queries: |
Source: | Binary or memory string: |
Stealing of Sensitive Information
Source: | File source: |
Source: | File opened: |
Source: | String found in binary or memory: |
Source: | File opened: |
Source: | File source: |
Remote Access Functionality
Source: | File source: |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 221 Windows Management Instrumentation | Path Interception | Path Interception | 1 Masquerading | 1 OS Credential Dumping | 65 Security Software Discovery | Remote Services | 3 Data from Local System | Exfiltration Over Other Network Medium | 1 Non-Standard Port | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Disable or Modify Tools | LSASS Memory | 11 Process Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 1 Application Layer Protocol | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 551 Virtualization/Sandbox Evasion | Security Account Manager | 551 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 1 Software Packing | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | 124 System Information Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
 | 100% | Joe Sandbox ML | | |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
 | 0% | URL Reputation | safe | |
 | 0% | Virustotal | | Browse |
 | 0% | Avira URL Cloud | safe | |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
 | true | | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
 | | false | | high |
 | | false | | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
185.206.213.32 | unknown | Ukraine | 204601 | ON-LINE-DATAServerlocation-NetherlandsDrontenNL | true |
Joe Sandbox Version: | 36.0.0 Rainbow Opal |
Analysis ID: | 753417 |
Start date and time: | 2022-11-24 19:42:09 +01:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 4m 39s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | UniverseCity.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 3 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@1/1@0/1 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: | |
Cookbook Comments: | |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, conhost.exe
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtAllocateVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description |
---|---|---|
19:43:25 | API Interceptor | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
185.206.213.32 | | Get hash | malicious | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
ON-LINE-DATAServerlocation-NetherlandsDrontenNL | | Get hash | malicious | Browse | |
Process: | C:\Users\user\Desktop\UniverseCity.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2201 |
Entropy (8bit): | 5.326033842196865 |
Encrypted: | false |
SSDEEP: | 48:MIHK5HKXEAHKzvQfHK7HKhBHKdHKBSTHtHmYHKhQnoPtHoxHImHKx1qHAHVHxLH0:Pq5qXLqzAq7qLqdqsNGYqhQnoPtIxHbt |
MD5: | 9D13095367E03502A903DEBCA7487DF4 |
SHA1: | 75CAC4CD0867B1EF8422118EA22520E546F1C893 |
SHA-256: | D6C7B642CBA4757549117405242B88C6383A2F555ACD121CC70D6BF604698469 |
SHA-512: | F61C92128B02D520071F3A271FEF5B847AB58C0F7D53D188EE18504CECD67FCB3F03005130C8240FE7946CAA5F611A443789921DE2E86C70D7A656695B226219 |
Malicious: | true |
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 7.993226453571658 |
TrID: | |
File name: | UniverseCity.exe |
File size: | 4881408 |
MD5: | 2815815f0488b3d2307c3a914ddc1d7a |
SHA1: | c5845c0c743106ac27622d32689a24e2f52a9ab7 |
SHA256: | 14b87b3a9eb96e080373e2a7203b664b63cec8cc163bbd10b028ecf5441f7f67 |
SHA512: | bc4e8c73de9a1a6db1984397a3339c62fb03e3bf145e0b2bb66596afa74b5944a73445ec04d5b5613b177e7aed9950408d96cf7481b3f856d76abf338ec1ff49 |
SSDEEP: | 98304:sbtWGDueBJmf8eGjoA120pwKD6rjOXRe3qTZZQlYRpFvGHtGqKpIZ8:nGNO86AEawwNhZzpc8qiA |
TLSH: | 0D36336EF3D60AB1E45C01B1002E9BCF4B7675071D25DA2ABB4C738D9F72342BE69291 |
File Content Preview: | MZ@.....................................!..L.!Win32 .EXE...$@...PE..L...t..P..........#.................-.............@..........................`......n.J.........................................0.......tw..........`.d..$................................. |
Icon Hash: | c48e0f4f27a6f8f0 |
Entrypoint: | 0xddd12d |
Entrypoint Section: | .MPRESS2 |
Digitally signed: | true |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE, DEBUG_STRIPPED |
DLL Characteristics: | TERMINAL_SERVER_AWARE |
Time Stamp: | 0x5000A574 [Fri Jul 13 22:47:16 2012 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 0 |
File Version Major: | 5 |
File Version Minor: | 0 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 0 |
Import Hash: | e045c920c82e7a05da4487cce2e427b2 |
Signature Valid: | |
Signature Issuer: | |
Signature Validation Error: | |
Error Number: | |
Not Before, Not After | |
Subject Chain | |
Version: | |
Thumbprint MD5: | |
Thumbprint SHA-1: | |
Thumbprint SHA-256: | |
Serial: |
Instruction |
---|
pushad |
call 00007FE930736655h |
pop eax |
add eax, 00000B5Ah |
mov esi, dword ptr [eax] |
add esi, eax |
sub eax, eax |
mov edi, esi |
lodsw |
shl eax, 0Ch |
mov ecx, eax |
push eax |
lodsd |
sub ecx, eax |
add esi, ecx |
mov ecx, eax |
push edi |
push ecx |
dec ecx |
mov al, byte ptr [ecx+edi+06h] |
mov byte ptr [ecx+esi], al |
jne 00007FE930736648h |
sub eax, eax |
lodsb |
mov ecx, eax |
and cl, FFFFFFF0h |
and al, 0Fh |
shl ecx, 0Ch |
mov ch, al |
lodsb |
or ecx, eax |
push ecx |
add cl, ch |
mov ebp, FFFFFD00h |
shl ebp, cl |
pop ecx |
pop eax |
mov ebx, esp |
lea esp, dword ptr [esp+ebp*2-00000E70h] |
push ecx |
sub ecx, ecx |
push ecx |
push ecx |
mov ecx, esp |
push ecx |
mov dx, word ptr [edi] |
shl edx, 0Ch |
push edx |
push edi |
add ecx, 04h |
push ecx |
push eax |
add ecx, 04h |
push esi |
push ecx |
call 00007FE9307366B3h |
mov esp, ebx |
pop esi |
pop edx |
sub eax, eax |
mov dword ptr [edx+esi], eax |
mov ah, 10h |
sub edx, eax |
sub ecx, ecx |
cmp ecx, edx |
jnc 00007FE930736678h |
mov ebx, ecx |
lodsb |
inc ecx |
and al, FEh |
cmp al, E8h |
jne 00007FE930736644h |
inc ebx |
add ecx, 04h |
lodsd |
or eax, eax |
js 00007FE930736658h |
cmp eax, edx |
jnc 00007FE930736637h |
jmp 00007FE930736658h |
add eax, ebx |
js 00007FE930736631h |
add eax, edx |
sub eax, ebx |
mov dword ptr [esi-04h], eax |
jmp 00007FE930736628h |
call 00007FE930736655h |
pop edi |
add edi, FFFFFF4Dh |
mov al, E9h |
stosb |
mov eax, 00000B56h |
stosd |
call 00007FE930736655h |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x9dd000 | 0x130 | .MPRESS2 |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x9de000 | 0x17774 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x1a64c160 | 0x24a8 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x9dd078 | 0x20 | .MPRESS2 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.MPRESS1 | 0x1000 | 0x9dc000 | 0x48f400 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.MPRESS2 | 0x9dd000 | 0xc97 | 0xe00 | False | 0.5276227678571429 | data | 5.654337414624995 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x9de000 | 0x17774 | 0x17800 | False | 0.39691032247340424 | data | 5.472894526519017 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
REGISTRY | 0x9de0ec | 0x445 | ASCII text, with CRLF line terminators | ||
REGISTRY | 0x9de55c | 0x30e | ASCII text, with CRLF line terminators | ||
REGISTRY | 0x9de894 | 0xbe4 | ASCII text, with CRLF line terminators | ||
REGISTRY | 0x9df4a0 | 0x355 | ASCII text, with CRLF line terminators | ||
REGISTRY | 0x9df820 | 0x348 | ASCII text, with CRLF line terminators | ||
REGISTRY | 0x9dfb90 | 0x380 | ASCII text, with CRLF line terminators | ||
TYPELIB | 0x9dff60 | 0xb7b4 | data | English | United States |
RT_CURSOR | 0x97a02c | 0x134 | empty | ||
RT_CURSOR | 0x97a160 | 0x134 | empty | ||
RT_CURSOR | 0x97a294 | 0x134 | empty | ||
RT_CURSOR | 0x97a3c8 | 0x134 | empty | ||
RT_CURSOR | 0x97a4fc | 0x134 | empty | ||
RT_CURSOR | 0x97a630 | 0xcac | empty | ||
RT_CURSOR | 0x97b2dc | 0x134 | empty | ||
RT_CURSOR | 0x97b410 | 0xcac | empty | ||
RT_CURSOR | 0x97c0bc | 0x10ac | empty | ||
RT_CURSOR | 0x97d168 | 0x10ac | empty | ||
RT_CURSOR | 0x97e214 | 0x10ac | empty | ||
RT_CURSOR | 0x97f2c0 | 0x10ac | empty | ||
RT_CURSOR | 0x98036c | 0x10ac | empty | ||
RT_CURSOR | 0x981418 | 0x10ac | empty | ||
RT_CURSOR | 0x9824c4 | 0x10ac | empty | ||
RT_CURSOR | 0x983570 | 0x10ac | empty | ||
RT_CURSOR | 0x98461c | 0x10ac | empty | ||
RT_CURSOR | 0x9856c8 | 0x10ac | empty | ||
RT_CURSOR | 0x986774 | 0x10ac | empty | ||
RT_CURSOR | 0x987820 | 0x134 | empty | ||
RT_CURSOR | 0x987954 | 0x134 | empty | ||
RT_CURSOR | 0x987a88 | 0x134 | empty | ||
RT_CURSOR | 0x987bbc | 0x134 | empty | ||
RT_ICON | 0x9ebbb4 | 0x6fb0 | Device independent bitmap graphic, 83 x 166 x 32, image size 27556 | ||
RT_MENU | 0x98eca0 | 0x2be | empty | Chinese | China |
RT_MENU | 0x98ef60 | 0x32e | empty | Chinese | China |
RT_MENU | 0x98f290 | 0x2e8 | empty | Chinese | China |
RT_STRING | 0x98f578 | 0x1f8 | empty | English | United States |
RT_STRING | 0x98f770 | 0x1f8 | empty | English | United States |
RT_STRING | 0x98f968 | 0x224 | empty | English | United States |
RT_STRING | 0x98fb8c | 0x1c2 | empty | English | United States |
RT_STRING | 0x98fd50 | 0x1f8 | empty | English | United States |
RT_STRING | 0x98ff48 | 0x388 | empty | English | United States |
RT_STRING | 0x9902d0 | 0x714 | empty | English | United States |
RT_STRING | 0x9909e4 | 0x74a | empty | English | United States |
RT_STRING | 0x991130 | 0x716 | empty | English | United States |
RT_STRING | 0x991848 | 0x7ce | empty | English | United States |
RT_STRING | 0x992018 | 0x658 | empty | English | United States |
RT_STRING | 0x992670 | 0x660 | empty | English | United States |
RT_STRING | 0x992cd0 | 0x660 | empty | English | United States |
RT_STRING | 0x993330 | 0x660 | empty | English | United States |
RT_STRING | 0x993990 | 0x660 | empty | English | United States |
RT_STRING | 0x993ff0 | 0x66c | empty | English | United States |
RT_STRING | 0x99465c | 0x6c0 | empty | English | United States |
RT_STRING | 0x994d1c | 0x6c0 | empty | English | United States |
RT_STRING | 0x9953dc | 0x6c0 | empty | English | United States |
RT_STRING | 0x995a9c | 0x6c0 | empty | English | United States |
RT_STRING | 0x99615c | 0x6c0 | empty | English | United States |
RT_STRING | 0x99681c | 0x640 | empty | English | United States |
RT_STRING | 0x996e5c | 0x640 | empty | English | United States |
RT_STRING | 0x99749c | 0x640 | empty | English | United States |
RT_STRING | 0x997adc | 0x640 | empty | English | United States |
RT_STRING | 0x99811c | 0x640 | empty | English | United States |
RT_STRING | 0x99875c | 0x2a4 | empty | English | United States |
RT_STRING | 0x998a00 | 0x24c | empty | English | United States |
RT_STRING | 0x998c4c | 0x234 | empty | English | United States |
RT_STRING | 0x998e80 | 0x208 | empty | English | United States |
RT_STRING | 0x999088 | 0x204 | empty | English | United States |
RT_STRING | 0x99928c | 0x27c | empty | English | United States |
RT_STRING | 0x999508 | 0x2a0 | empty | English | United States |
RT_STRING | 0x9997a8 | 0x2a0 | empty | English | United States |
RT_STRING | 0x999a48 | 0x2a0 | empty | English | United States |
RT_STRING | 0x999ce8 | 0x2a0 | empty | English | United States |
RT_STRING | 0x999f88 | 0x2dc | empty | English | United States |
RT_STRING | 0x99a264 | 0x300 | empty | English | United States |
RT_STRING | 0x99a564 | 0x300 | empty | English | United States |
RT_STRING | 0x99a864 | 0x300 | empty | English | United States |
RT_STRING | 0x99ab64 | 0x300 | empty | English | United States |
RT_STRING | 0x99ae64 | 0x2c0 | empty | English | United States |
RT_STRING | 0x99b124 | 0x280 | empty | English | United States |
RT_STRING | 0x99b3a4 | 0x280 | empty | English | United States |
RT_STRING | 0x99b624 | 0x280 | empty | English | United States |
RT_STRING | 0x99b8a4 | 0x280 | empty | English | United States |
RT_STRING | 0x99bb24 | 0x48a | empty | English | United States |
RT_STRING | 0x99bfb0 | 0x81e | empty | English | United States |
RT_STRING | 0x99c7d0 | 0x7ec | empty | English | United States |
RT_STRING | 0x99cfbc | 0x84c | empty | English | United States |
RT_STRING | 0x99d808 | 0x862 | empty | English | United States |
RT_STRING | 0x99e06c | 0x88c | empty | English | United States |
RT_STRING | 0x99e8f8 | 0xf70 | empty | English | United States |
RT_STRING | 0x99f868 | 0xdfa | empty | English | United States |
RT_STRING | 0x9a0664 | 0xe38 | empty | English | United States |
RT_STRING | 0x9a149c | 0xef4 | empty | English | United States |
RT_STRING | 0x9a2390 | 0xcf8 | empty | English | United States |
RT_STRING | 0x9a3088 | 0x1072 | empty | English | United States |
RT_STRING | 0x9a40fc | 0x1064 | empty | English | United States |
RT_STRING | 0x9a5160 | 0xfd6 | empty | English | United States |
RT_STRING | 0x9a6138 | 0x1082 | empty | English | United States |
RT_STRING | 0x9a71bc | 0xe0e | empty | English | United States |
RT_STRING | 0x9a7fcc | 0xec6 | empty | English | United States |
RT_STRING | 0x9a8e94 | 0x1008 | empty | English | United States |
RT_STRING | 0x9a9e9c | 0xe3e | empty | English | United States |
RT_STRING | 0x9aacdc | 0xf74 | empty | English | United States |
RT_STRING | 0x9abc50 | 0xe08 | empty | English | United States |
RT_STRING | 0x9aca58 | 0x95c | empty | English | United States |
RT_STRING | 0x9ad3b4 | 0xa1a | empty | English | United States |
RT_STRING | 0x9addd0 | 0x8fe | empty | English | United States |
RT_STRING | 0x9ae6d0 | 0xa98 | empty | English | United States |
RT_STRING | 0x9af168 | 0x9be | empty | English | United States |
RT_STRING | 0x9afb28 | 0x8d8 | empty | English | United States |
RT_STRING | 0x9b0400 | 0xb56 | empty | English | United States |
RT_STRING | 0x9b0f58 | 0x98a | empty | English | United States |
RT_STRING | 0x9b18e4 | 0xac8 | empty | English | United States |
RT_STRING | 0x9b23ac | 0xa96 | empty | English | United States |
RT_STRING | 0x9b2e44 | 0x686 | empty | English | United States |
RT_STRING | 0x9b34cc | 0x632 | empty | English | United States |
RT_STRING | 0x9b3b00 | 0x69c | empty | English | United States |
RT_STRING | 0x9b419c | 0x704 | empty | English | United States |
RT_STRING | 0x9b48a0 | 0x63a | empty | English | United States |
RT_STRING | 0x9b4edc | 0x788 | empty | English | United States |
RT_STRING | 0x9b5664 | 0x8da | empty | English | United States |
RT_STRING | 0x9b5f40 | 0x84e | empty | English | United States |
RT_STRING | 0x9b6790 | 0x880 | empty | English | United States |
RT_STRING | 0x9b7010 | 0x852 | empty | English | United States |
RT_STRING | 0x9b7864 | 0x9d2 | empty | English | United States |
RT_STRING | 0x9b8238 | 0x11b8 | empty | English | United States |
RT_STRING | 0x9b93f0 | 0x11e6 | empty | English | United States |
RT_STRING | 0x9ba5d8 | 0xfb0 | empty | English | United States |
RT_STRING | 0x9bb588 | 0x120a | empty | English | United States |
RT_STRING | 0x9bc794 | 0xc5c | empty | English | United States |
RT_STRING | 0x9bd3f0 | 0x9e4 | empty | English | United States |
RT_STRING | 0x9bddd4 | 0xa5a | empty | English | United States |
RT_STRING | 0x9be830 | 0x9c0 | empty | English | United States |
RT_STRING | 0x9bf1f0 | 0xa2a | empty | English | United States |
RT_STRING | 0x9bfc1c | 0xab6 | empty | English | United States |
RT_STRING | 0x9c06d4 | 0x1cec | empty | English | United States |
RT_STRING | 0x9c23c0 | 0x1d70 | empty | English | United States |
RT_STRING | 0x9c4130 | 0x1baa | empty | English | United States |
RT_STRING | 0x9c5cdc | 0x1dc8 | empty | English | United States |
RT_STRING | 0x9c7aa4 | 0x19b2 | empty | English | United States |
RT_STRING | 0x9c9458 | 0xc0 | empty | English | United States |
RT_STRING | 0x9c9518 | 0xc0 | empty | English | United States |
RT_STRING | 0x9c95d8 | 0xc8 | empty | English | United States |
RT_STRING | 0x9c96a0 | 0xc0 | empty | English | United States |
RT_STRING | 0x9c9760 | 0xcc | empty | English | United States |
RT_STRING | 0x9c982c | 0xba6 | empty | English | United States |
RT_STRING | 0x9ca3d4 | 0xdca | empty | English | United States |
RT_STRING | 0x9cb1a0 | 0xc14 | empty | English | United States |
RT_STRING | 0x9cbdb4 | 0xdf6 | empty | English | United States |
RT_STRING | 0x9ccbac | 0xd0c | empty | English | United States |
RT_STRING | 0x9cd8b8 | 0x8da | empty | English | United States |
RT_STRING | 0x9ce194 | 0xab4 | empty | English | United States |
RT_STRING | 0x9cec48 | 0x944 | empty | English | United States |
RT_STRING | 0x9cf58c | 0x9fa | empty | English | United States |
RT_STRING | 0x9cff88 | 0xa06 | empty | English | United States |
RT_STRING | 0x9d0990 | 0x356 | empty | English | United States |
RT_STRING | 0x9d0ce8 | 0x160 | empty | English | United States |
RT_STRING | 0x9d0e48 | 0x160 | empty | English | United States |
RT_STRING | 0x9d0fa8 | 0x160 | empty | English | United States |
RT_STRING | 0x9d1108 | 0x160 | empty | English | United States |
RT_STRING | 0x9d1268 | 0x150 | empty | English | United States |
RT_STRING | 0x9d13b8 | 0x140 | empty | English | United States |
RT_STRING | 0x9d14f8 | 0x140 | empty | English | United States |
RT_STRING | 0x9d1638 | 0x140 | empty | English | United States |
RT_STRING | 0x9d1778 | 0x140 | empty | English | United States |
RT_STRING | 0x9d18b8 | 0x154 | empty | English | United States |
RT_STRING | 0x9d1a0c | 0x18e | empty | English | United States |
RT_STRING | 0x9d1b9c | 0x186 | empty | English | United States |
RT_STRING | 0x9d1d24 | 0x17c | empty | English | United States |
RT_STRING | 0x9d1ea0 | 0x178 | empty | English | United States |
RT_STRING | 0x9d2018 | 0x194 | empty | English | United States |
RT_STRING | 0x9d21ac | 0x270 | empty | English | United States |
RT_STRING | 0x9d241c | 0x248 | empty | English | United States |
RT_STRING | 0x9d2664 | 0x248 | empty | English | United States |
RT_STRING | 0x9d28ac | 0x2b2 | empty | English | United States |
RT_STRING | 0x9d2b60 | 0x222 | empty | English | United States |
RT_STRING | 0x9d2d84 | 0x1c0 | empty | English | United States |
RT_STRING | 0x9d2f44 | 0x1c0 | empty | English | United States |
RT_STRING | 0x9d3104 | 0x1c0 | empty | English | United States |
RT_STRING | 0x9d32c4 | 0x1c0 | empty | English | United States |
RT_STRING | 0x9d3484 | 0x1c0 | empty | English | United States |
RT_STRING | 0x9d3644 | 0x84 | empty | English | United States |
RT_RCDATA | 0x9d36c8 | 0x54af | empty | ||
RT_RCDATA | 0x9d8b78 | 0x897 | empty | ||
RT_GROUP_CURSOR | 0x9d9410 | 0x14 | empty | ||
RT_GROUP_CURSOR | 0x9d9424 | 0x14 | empty | ||
RT_GROUP_CURSOR | 0x9d9438 | 0x14 | empty | ||
RT_GROUP_CURSOR | 0x9d944c | 0x14 | empty | ||
RT_GROUP_CURSOR | 0x9d9460 | 0x22 | empty | ||
RT_GROUP_CURSOR | 0x9d9484 | 0x22 | empty | ||
RT_GROUP_CURSOR | 0x9d94a8 | 0x14 | empty | ||
RT_GROUP_CURSOR | 0x9d94bc | 0x14 | empty | ||
RT_GROUP_CURSOR | 0x9d94d0 | 0x14 | empty | ||
RT_GROUP_CURSOR | 0x9d94e4 | 0x14 | empty | ||
RT_GROUP_CURSOR | 0x9d94f8 | 0x14 | empty | ||
RT_GROUP_CURSOR | 0x9d950c | 0x14 | empty | ||
RT_GROUP_CURSOR | 0x9d9520 | 0x14 | empty | ||
RT_GROUP_CURSOR | 0x9d9534 | 0x14 | empty | ||
RT_GROUP_CURSOR | 0x9d9548 | 0x14 | empty | ||
RT_GROUP_CURSOR | 0x9d955c | 0x14 | empty | ||
RT_GROUP_CURSOR | 0x9d9570 | 0x14 | empty | ||
RT_GROUP_CURSOR | 0x9d9584 | 0x14 | empty | ||
RT_GROUP_CURSOR | 0x9d9598 | 0x14 | empty | ||
RT_GROUP_CURSOR | 0x9d95ac | 0x14 | empty | ||
RT_GROUP_CURSOR | 0x9d95c0 | 0x14 | empty | ||
RT_GROUP_ICON | 0x9f4c20 | 0x14 | data | ||
RT_VERSION | 0x9f4c74 | 0x358 | data | English | United States |
RT_MANIFEST | 0x9f500c | 0x425 | XML 1.0 document, ASCII text, with very long lines (1061), with no line terminators | English | United States |
None | 0x9d9d68 | 0x1dc | empty | Russian | Russia |
None | 0x9d9f44 | 0x724 | empty | Russian | Russia |
None | 0x9da668 | 0x1f8 | empty | Russian | Russia |
None | 0x9da860 | 0x204 | empty | Russian | Russia |
None | 0x9daa64 | 0x188 | empty | Russian | Russia |
None | 0x9dabec | 0x11c | empty | Russian | Russia |
None | 0x9dad08 | 0x94 | empty | Russian | Russia |
None | 0x9dad9c | 0x7c | empty | Russian | Russia |
None | 0x9dae18 | 0x180 | empty | Russian | Russia |
None | 0x9daf98 | 0x278 | empty | Russian | Russia |
None | 0x9db210 | 0x7d8 | empty | Russian | Russia |
None | 0x9db9e8 | 0x124 | empty | Russian | Russia |
None | 0x9dbb0c | 0x2e8 | empty | Russian | Russia |
None | 0x9dbdf4 | 0x128 | empty | Russian | Russia |
None | 0x9dbf1c | 0x228 | empty | Russian | Russia |
None | 0x9dc144 | 0x114 | empty | Russian | Russia |
None | 0x9dc258 | 0x158 | empty | Russian | Russia |

DLL | Import |
---|---|
KERNEL32.DLL | GetModuleHandleA, GetProcAddress |
ole32.dll | OleInitialize |
OLEAUT32.dll | SafeArrayCreate |
USER32.dll | GetProcessWindowStation |

Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States | |
Chinese | China | |
Russian | Russia | |

Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
11/24/22-19:43:22.900750 | TCP | 2850286 | ETPRO TROJAN Redline Stealer TCP CnC Activity | 49696 | 42794 | 192.168.2.4 | 185.206.213.32 |
11/24/22-19:43:19.130595 | TCP | 2850027 | ETPRO TROJAN RedLine Stealer TCP CnC net.tcp Init | 49696 | 42794 | 192.168.2.4 | 185.206.213.32 |
11/24/22-19:43:20.869342 | TCP | 2850353 | ETPRO MALWARE Redline Stealer TCP CnC - Id1Response | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |

Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Nov 24, 2022 19:43:18.693483114 CET | 49696 | 42794 | 192.168.2.4 | 185.206.213.32 |
Nov 24, 2022 19:43:18.722625017 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:18.726129055 CET | 49696 | 42794 | 192.168.2.4 | 185.206.213.32 |
Nov 24, 2022 19:43:19.130594969 CET | 49696 | 42794 | 192.168.2.4 | 185.206.213.32 |
Nov 24, 2022 19:43:19.161923885 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:19.308361053 CET | 49696 | 42794 | 192.168.2.4 | 185.206.213.32 |
Nov 24, 2022 19:43:20.836399078 CET | 49696 | 42794 | 192.168.2.4 | 185.206.213.32 |
Nov 24, 2022 19:43:20.869342089 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:21.011712074 CET | 49696 | 42794 | 192.168.2.4 | 185.206.213.32 |
Nov 24, 2022 19:43:22.900749922 CET | 49696 | 42794 | 192.168.2.4 | 185.206.213.32 |
Nov 24, 2022 19:43:22.941775084 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:22.941839933 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:22.941886902 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:22.941932917 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:22.941987991 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:22.941994905 CET | 49696 | 42794 | 192.168.2.4 | 185.206.213.32 |
Nov 24, 2022 19:43:22.942058086 CET | 49696 | 42794 | 192.168.2.4 | 185.206.213.32 |
Nov 24, 2022 19:43:23.011904955 CET | 49696 | 42794 | 192.168.2.4 | 185.206.213.32 |
Nov 24, 2022 19:43:36.912053108 CET | 49696 | 42794 | 192.168.2.4 | 185.206.213.32 |
Nov 24, 2022 19:43:36.939960957 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:36.940021992 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:36.940057039 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:36.940085888 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:36.940196037 CET | 49696 | 42794 | 192.168.2.4 | 185.206.213.32 |
Nov 24, 2022 19:43:36.940273046 CET | 49696 | 42794 | 192.168.2.4 | 185.206.213.32 |
Nov 24, 2022 19:43:36.967849016 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:36.967904091 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:36.967935085 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:36.967983961 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:36.968269110 CET | 49696 | 42794 | 192.168.2.4 | 185.206.213.32 |
Nov 24, 2022 19:43:36.968297958 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:36.968331099 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:36.968363047 CET | 49696 | 42794 | 192.168.2.4 | 185.206.213.32 |
Nov 24, 2022 19:43:36.968411922 CET | 49696 | 42794 | 192.168.2.4 | 185.206.213.32 |
Nov 24, 2022 19:43:36.968472958 CET | 49696 | 42794 | 192.168.2.4 | 185.206.213.32 |
Nov 24, 2022 19:43:36.968477011 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:36.968564034 CET | 49696 | 42794 | 192.168.2.4 | 185.206.213.32 |
Nov 24, 2022 19:43:36.996155977 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:36.996207952 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:36.996241093 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:36.996309996 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:36.996339083 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:36.996391058 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:36.996531963 CET | 49696 | 42794 | 192.168.2.4 | 185.206.213.32 |
Nov 24, 2022 19:43:36.996648073 CET | 49696 | 42794 | 192.168.2.4 | 185.206.213.32 |
Nov 24, 2022 19:43:36.996655941 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:36.996687889 CET | 49696 | 42794 | 192.168.2.4 | 185.206.213.32 |
Nov 24, 2022 19:43:36.996743917 CET | 49696 | 42794 | 192.168.2.4 | 185.206.213.32 |
Nov 24, 2022 19:43:36.996815920 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:36.996905088 CET | 49696 | 42794 | 192.168.2.4 | 185.206.213.32 |
Nov 24, 2022 19:43:36.997243881 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:36.997409105 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:36.997534037 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:36.997565031 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:36.997592926 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:36.997670889 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:36.997924089 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:36.998081923 CET | 49696 | 42794 | 192.168.2.4 | 185.206.213.32 |
Nov 24, 2022 19:43:37.024167061 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.024219990 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.024291992 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.024322033 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.024352074 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.024401903 CET | 49696 | 42794 | 192.168.2.4 | 185.206.213.32 |
Nov 24, 2022 19:43:37.024766922 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.024796963 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.024919033 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.024983883 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.025053978 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.025084972 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.025212049 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.025309086 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.025352001 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.025489092 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.025522947 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.025625944 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.025733948 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.025765896 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.025794029 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.025821924 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.025898933 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.025928020 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.026026011 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.026057005 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.026170969 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.026201010 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.026202917 CET | 49696 | 42794 | 192.168.2.4 | 185.206.213.32 |
Nov 24, 2022 19:43:37.026298046 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.026329994 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.026387930 CET | 49696 | 42794 | 192.168.2.4 | 185.206.213.32 |
Nov 24, 2022 19:43:37.026410103 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.026635885 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.026665926 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.026694059 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.026724100 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.026802063 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.026909113 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.026943922 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.026973009 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.027055979 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.027137041 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.027165890 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.027194977 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.027405024 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.027432919 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.027601957 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.052233934 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.053858042 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.053917885 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.054122925 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.054310083 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.054621935 CET | 49696 | 42794 | 192.168.2.4 | 185.206.213.32 |
Nov 24, 2022 19:43:37.054666996 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.054704905 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.054752111 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.054775000 CET | 49696 | 42794 | 192.168.2.4 | 185.206.213.32 |
Nov 24, 2022 19:43:37.054784060 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.054951906 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.054984093 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.055128098 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.055160999 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.055243969 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.055273056 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.055351973 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.055525064 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.055718899 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.055748940 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.055778980 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.055814981 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.055893898 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.056019068 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.056047916 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.056123972 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.056202888 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.056323051 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.057213068 CET | 49696 | 42794 | 192.168.2.4 | 185.206.213.32 |
Nov 24, 2022 19:43:37.057333946 CET | 49696 | 42794 | 192.168.2.4 | 185.206.213.32 |
Nov 24, 2022 19:43:37.082350969 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.082489014 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.082675934 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.082706928 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.083080053 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.083236933 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.083434105 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.083465099 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.083606958 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.083636999 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.083746910 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.083777905 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.083832979 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.083913088 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.084037066 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.084065914 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.084147930 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.084235907 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.084266901 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.084717989 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.084788084 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.084907055 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.084938049 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.085030079 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.085057974 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.085150957 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.085180044 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.085442066 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.085472107 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.085499048 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.085530043 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.085571051 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.085704088 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.085874081 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.085903883 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.085932016 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.085959911 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.085977077 CET | 49696 | 42794 | 192.168.2.4 | 185.206.213.32 |
Nov 24, 2022 19:43:37.086023092 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.086052895 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.086159945 CET | 49696 | 42794 | 192.168.2.4 | 185.206.213.32 |
Nov 24, 2022 19:43:37.086179972 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.086299896 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.086426020 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.086455107 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.086534023 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.086654902 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.086731911 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.086872101 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Nov 24, 2022 19:43:37.086931944 CET | 42794 | 49696 | 185.206.213.32 | 192.168.2.4 |
Target ID: | 0 |
Start time: | 19:42:59 |
Start date: | 24/11/2022 |
Path: | C:\Users\user\Desktop\UniverseCity.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 4881408 bytes |
MD5 hash: | 2815815F0488B3D2307C3A914DDC1D7A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: | |
Reputation: | low |