Edit tour
Windows
Analysis Report
xFk6x2mrd7.exe
Overview
General Information
| Sample name: | xFk6x2mrd7.exerenamed because original name is a hash value |
| Original sample name: | 18fd0471029adc5a608cc7c442a97f3a.exe |
| Analysis ID: | 1464974 |
| MD5: | 18fd0471029adc5a608cc7c442a97f3a |
| SHA1: | 74854bda1aa3e60c3b6f58e8f77882ac7f958486 |
| SHA256: | 1e92e176dd94bb165b9ac9a391ed84ad473ae69a44139d2f9765dd56974cee0d |
| Tags: | exeRedLineStealer |
| Infos: |   |
 | |
Detection
RedLine
| Score: | 100 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected RedLine Stealer
AI detected suspicious sample
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Contains functionality to inject code into remote processes
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
PE file contains section with special chars
PE file has nameless sections
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sigma detected: Silenttrinity Stager Msbuild Activity
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Writes to foreign memory regions
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Classification
- System is w10x64
xFk6x2mrd7.exe (PID: 6576 cmdline: "C:\Users\ user\Deskt op\xFk6x2m rd7.exe" MD5: 18FD0471029ADC5A608CC7C442A97F3A) 
conhost.exe (PID: 6596 cmdline: C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D) 
MSBuild.exe (PID: 6812 cmdline: "C:\Window s\Microsof t.NET\Fram ework\v4.0 .30319\MSB uild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)
- cleanup
| Name | Description | Attribution | Blogpost URLs | Link |
|---|---|---|---|---|
| RedLine Stealer | RedLine Stealer is a malware available on underground forums for sale apparently as standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer. | No Attribution |
{"C2 url": "94.228.166.68:80", "Bot Id": "@MarsSellers12", "Message": "Click Close to exit the program. Error code: 1142", "Authorization Header": "e0c4915670bce95535bec15e4bb6341a"}| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
| JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
| JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
| JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
| JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
| Click to see the 1 entries | ||||
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
| JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
| JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
| JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
System Summary |   |
|---|
| Source: | Author: Kiran kumar s, oscd.community: | ||
| Timestamp: | 07/01/24-03:11:58.328714 |
| SID: | 2046045 |
| Source Port: | 49731 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 07/01/24-03:11:58.539624 |
| SID: | 2043234 |
| Source Port: | 80 |
| Destination Port: | 49731 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 07/01/24-03:12:07.139354 |
| SID: | 2043231 |
| Source Port: | 49731 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
Click to jump to signature section
Show All Signature Results
AV Detection | |
|---|
| Source: | Avira: | ||
| Source: | Malware Configuration Extractor: | ||
| Source: | ReversingLabs: | ||
| Source: | ReversingLabs: | ||
| Source: | Integrated Neural Analysis Model: | ||
| Source: | Joe Sandbox ML: | ||
| Source: | Joe Sandbox ML: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Code function: | 2_2_0599EF68 | |
| Source: | Code function: | 2_2_059939C0 | |
| Source: | Code function: | 2_2_0599DA87 | |
| Source: | Code function: | 2_2_0599DA87 | |
| Source: | Code function: | 2_2_05993C92 | |
| Source: | Code function: | 2_2_05993CC0 | |
| Source: | Code function: | 2_2_0599B618 | |
| Source: | Code function: | 2_2_0599B609 | |
| Source: | Code function: | 2_2_0599A93B | |
| Source: | Code function: | 2_2_0599D07C | |
Networking | |
|---|
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | URLs: | ||
| Source: | ASN Name: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | DNS traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Network traffic detected: | ||
System Summary | |
|---|
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Code function: | 0_2_6CC02760 | |
| Source: | Code function: | 0_2_6CC01090 | |
| Source: | Code function: | 0_2_6CC02D80 | |
| Source: | Code function: | 0_2_6CC02760 | |
| Source: | Code function: | 0_2_6CC16285 | |
| Source: | Code function: | 0_2_6CC23B17 | |
| Source: | Code function: | 2_2_0085DC74 | |
| Source: | Code function: | 2_2_049B8FF8 | |
| Source: | Code function: | 2_2_049B6948 | |
| Source: | Code function: | 2_2_049B0007 | |
| Source: | Code function: | 2_2_049B0040 | |
| Source: | Code function: | 2_2_049B8FE8 | |
| Source: | Code function: | 2_2_0599E5A8 | |
| Source: | Code function: | 2_2_05997DE0 | |
| Source: | Code function: | 2_2_05997510 | |
| Source: | Code function: | 2_2_05990F28 | |
| Source: | Code function: | 2_2_0599EF68 | |
| Source: | Code function: | 2_2_05998E40 | |
| Source: | Code function: | 2_2_0599D130 | |
| Source: | Code function: | 2_2_059998E8 | |
| Source: | Code function: | 2_2_0599F8E8 | |
| Source: | Code function: | 2_2_0599B028 | |
| Source: | Code function: | 2_2_0599A050 | |
| Source: | Code function: | 2_2_0599C3D0 | |
| Source: | Code function: | 2_2_0599DA87 | |
| Source: | Code function: | 2_2_059992A8 | |
| Source: | Code function: | 2_2_0599BA69 | |
| Source: | Code function: | 2_2_05990F18 | |
| Source: | Code function: | 2_2_0599B618 | |
| Source: | Code function: | 2_2_0599B609 | |
| Source: | Code function: | 2_2_05998E30 | |
| Source: | Code function: | 2_2_059971C8 | |
| Source: | Code function: | 2_2_0599D12F | |
| Source: | Code function: | 2_2_0599F8A1 | |
| Source: | Code function: | 2_2_059998E7 | |
| Source: | Code function: | 2_2_0599F8E7 | |
| Source: | Code function: | 2_2_0599B027 | |
| Source: | Code function: | 2_2_05999298 | |
| Source: | Code function: | 2_2_059AEA18 | |
| Source: | Code function: | 2_2_059A1831 | |
| Source: | Code function: | 2_2_059A43C0 | |
| Source: | Code function: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Classification label: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Mutant created: | ||
| Source: | Mutant created: | ||
| Source: | Static file information: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | ReversingLabs: | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
Data Obfuscation | |
|---|
| Source: | Unpacked PE file: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Code function: | 0_2_6CC169C7 | |
| Source: | Code function: | 0_2_6CC23B12 | |
| Source: | Code function: | 2_2_049BDC01 | |
| Source: | Code function: | 2_2_059965FE | |
| Source: | Code function: | 2_2_0599750E | |
| Source: | Code function: | 2_2_0599557A | |
| Source: | Code function: | 2_2_059954CA | |
| Source: | Code function: | 2_2_05995762 | |
| Source: | Code function: | 2_2_0599BF89 | |
| Source: | Code function: | 2_2_059956EA | |
| Source: | Code function: | 2_2_059958C6 | |
| Source: | Code function: | 2_2_0599B026 | |
| Source: | Code function: | 2_2_0599AA36 | |
| Source: | Code function: | 2_2_0599C272 | |
| Source: | Static PE information: | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion | |
|---|
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | WMI Queries: | ||
| Source: | Last function: | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Process information queried: | Jump to behavior | ||
| Source: | Code function: | 2_2_059945A8 | |
| Source: | Code function: | 0_2_6CC0B69A | |
| Source: | Code function: | 0_2_6CC1140B | |
| Source: | Process token adjusted: | Jump to behavior | ||
| Source: | Code function: | 0_2_6CC0B1C1 | |
| Source: | Code function: | 0_2_6CC0B69A | |
| Source: | Code function: | 0_2_6CC0F637 | |
| Source: | Memory allocated: | Jump to behavior | ||
HIPS / PFW / Operating System Protection Evasion | |
|---|
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Code function: | 0_2_6CC02D80 | |
| Source: | Memory written: | Jump to behavior | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Code function: | 0_2_6CC0B858 | |
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Code function: | 0_2_6CC0B2E3 | |
| Source: | Key value queried: | Jump to behavior | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
Stealing of Sensitive Information | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File source: | ||
| Source: | File source: | ||
Remote Access Functionality | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 221 Windows Management Instrumentation | 1 DLL Side-Loading | 411 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 12 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 341 Security Software Discovery | Remote Desktop Protocol | 2 Data from Local System | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 241 Virtualization/Sandbox Evasion | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 411 Process Injection | NTDS | 241 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 4 Obfuscated Files or Information | Cached Domain Credentials | 124 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 12 Software Packing | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 79% | ReversingLabs | Win32.Spyware.RedLine | ||
| 100% | Avira | HEUR/AGEN.1311437 | ||
| 100% | Joe Sandbox ML |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 100% | Joe Sandbox ML | |||
| 53% | ReversingLabs | Win32.Trojan.LummaStealer |
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| api.ip.sb | unknown | unknown | false | unknown |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| true |
| unknown |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 94.228.166.68 | unknown | Russian Federation | 48467 | PRANET-ASRU | true |
| Joe Sandbox version: | 40.0.0 Tourmaline |
| Analysis ID: | 1464974 |
| Start date and time: | 2024-07-01 03:11:05 +02:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 4m 6s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 4 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | xFk6x2mrd7.exerenamed because original name is a hash value |
| Original Sample Name: | 18fd0471029adc5a608cc7c442a97f3a.exe |
| Detection: | MAL |
| Classification: | mal100.troj.spyw.evad.winEXE@4/3@1/1 |
| EGA Information: |
|
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): SIHClient.exe
- Excluded IPs from analysis (whitelisted): 104.26.12.31, 172.67.75.172, 104.26.13.31, 20.114.59.183
- Excluded domains from analysis (whitelisted): api.ip.sb.cdn.cloudflare.net, slscr.update.microsoft.com, sls.update.microsoft.com, glb.sls.prod.dcat.dsp.trafficmanager.net
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtAllocateVirtualMemory calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- VT rate limit hit for: xFk6x2mrd7.exe
| Time | Type | Description |
|---|---|---|
| 21:12:04 | API Interceptor |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 94.228.166.68 | Get hash | malicious | RedLine, Xmrig | Browse |
⊘No context
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| PRANET-ASRU | Get hash | malicious | RedLine, Xmrig | Browse |
| |
| Get hash | malicious | LummaC, Amadey, Mars Stealer, PureLog Stealer, RedLine, SmokeLoader, Stealc | Browse |
| ||
| Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse |
| ||
| Get hash | malicious | Quasar | Browse |
| ||
| Get hash | malicious | Amadey | Browse |
| ||
| Get hash | malicious | LummaC, Python Stealer, Amadey, LummaC Stealer, Monster Stealer, PureLog Stealer, RedLine | Browse |
| ||
| Get hash | malicious | Quasar | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | AsyncRAT, PureLog Stealer, Xmrig, zgRAT | Browse |
| ||
| Get hash | malicious | RedLine | Browse |
|
⊘No context
⊘No context
| Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 3094 |
| Entropy (8bit): | 5.33145931749415 |
| Encrypted: | false |
| SSDEEP: | 96:Pq5qHwCYqh3oPtI6eqzxP0aymTqdqlq7qqjqcEZ5D:Pq5qHwCYqh3qtI6eqzxP0atTqdqlq7qV |
| MD5: | 3FD5C0634443FB2EF2796B9636159CB6 |
| SHA1: | 366DDE94AEFCFFFAB8E03AD8B448E05D7489EB48 |
| SHA-256: | 58307E94C67E2348F5A838DE4FF668983B38B7E9A3B1D61535D3A392814A57D6 |
| SHA-512: | 8535E7C0777C6B0876936D84BDE2BDC59963CF0954D4E50D65808E6E806E8B131DF5DB8FA0E030FAE2702143A7C3A70698A2B9A80519C9E2FFC286A71F0B797C |
| Malicious: | false |
| Reputation: | high, very likely benign file |
| Preview: |
| Process: | C:\Users\user\Desktop\xFk6x2mrd7.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 42 |
| Entropy (8bit): | 4.0050635535766075 |
| Encrypted: | false |
| SSDEEP: | 3:QHXMKa/xwwUy:Q3La/xwQ |
| MD5: | 84CFDB4B995B1DBF543B26B86C863ADC |
| SHA1: | D2F47764908BF30036CF8248B9FF5541E2711FA2 |
| SHA-256: | D8988D672D6915B46946B28C06AD8066C50041F6152A91D37FFA5CF129CC146B |
| SHA-512: | 485F0ED45E13F00A93762CBF15B4B8F996553BAA021152FAE5ABA051E3736BCD3CA8F4328F0E6D9E3E1F910C96C4A9AE055331123EE08E3C2CE3A99AC2E177CE |
| Malicious: | true |
| Reputation: | high, very likely benign file |
| Preview: |
| Process: | C:\Users\user\Desktop\xFk6x2mrd7.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 429568 |
| Entropy (8bit): | 5.884262476306309 |
| Encrypted: | false |
| SSDEEP: | 6144:tfbuDSGUgh8uvy6fyMIHBsxu5wmS3UE9OgiPProBNmu:tgUgtv+Bsxu5o3NIgiPEXx |
| MD5: | BE83077ACEA269C2187E97BB1B69105D |
| SHA1: | 987759A7153784121F4EF96CF4D78D1E9C552FC3 |
| SHA-256: | 4045CE5F58A63DD9CF525424F950F8D6EA8BE2D0B93069B691077480787FFA78 |
| SHA-512: | E9F6DA69AF0730912586D4A8D388069872F1ED27E2E1B0C54570ADD6DED52F5E0E1DA268E55615CD82076FA2FB1DD559CCA7BDA23E45FA2CC5C08E1CFA8C6E94 |
| Malicious: | true |
| Antivirus: |
|
| Reputation: | low |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.166616929707346 |
| TrID: |
|
| File name: | xFk6x2mrd7.exe |
| File size: | 364'032 bytes |
| MD5: | 18fd0471029adc5a608cc7c442a97f3a |
| SHA1: | 74854bda1aa3e60c3b6f58e8f77882ac7f958486 |
| SHA256: | 1e92e176dd94bb165b9ac9a391ed84ad473ae69a44139d2f9765dd56974cee0d |
| SHA512: | 9cc462178cf8b63b27de90998c3a8cc722cec0bbde604e66482510c3888a78b1e869b4d3e7195c3361bb7fce43392c204c5b760948afd3bbddd6ee225bb61e00 |
| SSDEEP: | 6144:MM/FgKFH4ZtKyKtHFrO/ODMruf29AYlxJzZfPkcdeyO9U/PRdygA/g3/FGXIqNPo:MI/FutKyQli/3rtT5zPdeyO9U/PRdygE |
| TLSH: | 847472DDB66076DFC867D462DEA82CA4EA6035BB832F4203912715EDDA4C897DF140F2 |
| File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...%K}f.................D...F...........`... ....@.. ....................... ............@................................ |
 | |
| Icon Hash: | 90cececece8e8eb0 |
| Entrypoint: | 0x46000a |
| Entrypoint Section: | |
| Digitally signed: | false |
| Imagebase: | 0x400000 |
| Subsystem: | windows cui |
| Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
| DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
| Time Stamp: | 0x667D4B25 [Thu Jun 27 11:21:09 2024 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 4 |
| OS Version Minor: | 0 |
| File Version Major: | 4 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 4 |
| Subsystem Version Minor: | 0 |
| Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
| Instruction |
|---|
| jmp dword ptr [00460000h] |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x367f0 | 0x4b | .text |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x5c000 | 0x708 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x5e000 | 0xc | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x60000 | 0x8 | |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x36000 | 0x48 | .text |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| hTI<GU | 0x2000 | 0x33ad0 | 0x33c00 | 9eb466f3bf5b4114a35e46a20c167edd | False | 1.0003349562198067 | data | 7.9991516935950715 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .text | 0x36000 | 0x24130 | 0x24200 | 90234ef2e5cd346249b89beaf6466665 | False | 0.3637745999134948 | data | 4.658950186278248 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rsrc | 0x5c000 | 0x708 | 0x800 | 1d787ed6c4b97baca56d3ff56006a715 | False | 0.37158203125 | data | 3.7983394671855426 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x5e000 | 0xc | 0x200 | 1e37c0bd08615c8250069f61ab34fa51 | False | 0.044921875 | data | 0.07763316234324169 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| 0x60000 | 0x10 | 0x200 | 5171f734e1ace2a5e021287851456a44 | False | 0.044921875 | data | 0.12227588125913882 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_VERSION | 0x5c0a0 | 0x478 | data | 0.4012237762237762 | ||
| RT_MANIFEST | 0x5c518 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | 0.5469387755102041 |
| DLL | Import |
|---|---|
| mscoree.dll | _CorExeMain |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|---|---|---|
| 07/01/24-03:11:58.328714 | TCP | 2046045 | ET TROJAN [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) | 49731 | 80 | 192.168.2.4 | 94.228.166.68 |
| 07/01/24-03:11:58.539624 | TCP | 2043234 | ET MALWARE Redline Stealer TCP CnC - Id1Response | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| 07/01/24-03:12:07.139354 | TCP | 2043231 | ET TROJAN Redline Stealer TCP CnC Activity | 49731 | 80 | 192.168.2.4 | 94.228.166.68 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Jul 1, 2024 03:11:50.325644970 CEST | 49675 | 443 | 192.168.2.4 | 173.222.162.32 |
| Jul 1, 2024 03:11:57.432231903 CEST | 49731 | 80 | 192.168.2.4 | 94.228.166.68 |
| Jul 1, 2024 03:11:57.442897081 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:11:57.442986965 CEST | 49731 | 80 | 192.168.2.4 | 94.228.166.68 |
| Jul 1, 2024 03:11:57.467086077 CEST | 49731 | 80 | 192.168.2.4 | 94.228.166.68 |
| Jul 1, 2024 03:11:57.472150087 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:11:58.298468113 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:11:58.328713894 CEST | 49731 | 80 | 192.168.2.4 | 94.228.166.68 |
| Jul 1, 2024 03:11:58.334120035 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:11:58.539623976 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:11:58.591370106 CEST | 49731 | 80 | 192.168.2.4 | 94.228.166.68 |
| Jul 1, 2024 03:11:59.935131073 CEST | 49675 | 443 | 192.168.2.4 | 173.222.162.32 |
| Jul 1, 2024 03:12:03.579365015 CEST | 49731 | 80 | 192.168.2.4 | 94.228.166.68 |
| Jul 1, 2024 03:12:03.584655046 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:03.798269987 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:03.798331022 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:03.798368931 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:03.798403978 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:03.798404932 CEST | 49731 | 80 | 192.168.2.4 | 94.228.166.68 |
| Jul 1, 2024 03:12:03.798441887 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:03.798477888 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:03.798491955 CEST | 49731 | 80 | 192.168.2.4 | 94.228.166.68 |
| Jul 1, 2024 03:12:03.798568010 CEST | 49731 | 80 | 192.168.2.4 | 94.228.166.68 |
| Jul 1, 2024 03:12:03.892632008 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:03.935038090 CEST | 49731 | 80 | 192.168.2.4 | 94.228.166.68 |
| Jul 1, 2024 03:12:06.254082918 CEST | 49731 | 80 | 192.168.2.4 | 94.228.166.68 |
| Jul 1, 2024 03:12:06.259042978 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.259057999 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.259073019 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.259079933 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.259087086 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.259114027 CEST | 49731 | 80 | 192.168.2.4 | 94.228.166.68 |
| Jul 1, 2024 03:12:06.259135008 CEST | 49731 | 80 | 192.168.2.4 | 94.228.166.68 |
| Jul 1, 2024 03:12:06.259151936 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.259160042 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.259172916 CEST | 49731 | 80 | 192.168.2.4 | 94.228.166.68 |
| Jul 1, 2024 03:12:06.259182930 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.259191990 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.259202957 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.259206057 CEST | 49731 | 80 | 192.168.2.4 | 94.228.166.68 |
| Jul 1, 2024 03:12:06.259258032 CEST | 49731 | 80 | 192.168.2.4 | 94.228.166.68 |
| Jul 1, 2024 03:12:06.263915062 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.263933897 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.263978958 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.263986111 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.263993979 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.263997078 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.264050007 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.264055967 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.264147043 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.264194965 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.264236927 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.264307022 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.264420986 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.268491030 CEST | 49731 | 80 | 192.168.2.4 | 94.228.166.68 |
| Jul 1, 2024 03:12:06.273493052 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.273554087 CEST | 49731 | 80 | 192.168.2.4 | 94.228.166.68 |
| Jul 1, 2024 03:12:06.273577929 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.273610115 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.273662090 CEST | 49731 | 80 | 192.168.2.4 | 94.228.166.68 |
| Jul 1, 2024 03:12:06.273689032 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.273716927 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.273741007 CEST | 49731 | 80 | 192.168.2.4 | 94.228.166.68 |
| Jul 1, 2024 03:12:06.273761988 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.273766994 CEST | 49731 | 80 | 192.168.2.4 | 94.228.166.68 |
| Jul 1, 2024 03:12:06.273804903 CEST | 49731 | 80 | 192.168.2.4 | 94.228.166.68 |
| Jul 1, 2024 03:12:06.273813009 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.273857117 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.273859978 CEST | 49731 | 80 | 192.168.2.4 | 94.228.166.68 |
| Jul 1, 2024 03:12:06.273899078 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.273906946 CEST | 49731 | 80 | 192.168.2.4 | 94.228.166.68 |
| Jul 1, 2024 03:12:06.273906946 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.273967028 CEST | 49731 | 80 | 192.168.2.4 | 94.228.166.68 |
| Jul 1, 2024 03:12:06.273973942 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.273982048 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.274009943 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.274019003 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.274071932 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.274072886 CEST | 49731 | 80 | 192.168.2.4 | 94.228.166.68 |
| Jul 1, 2024 03:12:06.274080992 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.274121046 CEST | 49731 | 80 | 192.168.2.4 | 94.228.166.68 |
| Jul 1, 2024 03:12:06.274148941 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.274157047 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.274174929 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.274202108 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.274223089 CEST | 49731 | 80 | 192.168.2.4 | 94.228.166.68 |
| Jul 1, 2024 03:12:06.274259090 CEST | 49731 | 80 | 192.168.2.4 | 94.228.166.68 |
| Jul 1, 2024 03:12:06.274264097 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.274271965 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.274312973 CEST | 49731 | 80 | 192.168.2.4 | 94.228.166.68 |
| Jul 1, 2024 03:12:06.274358988 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.274373055 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.274411917 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.274415970 CEST | 49731 | 80 | 192.168.2.4 | 94.228.166.68 |
| Jul 1, 2024 03:12:06.274455070 CEST | 49731 | 80 | 192.168.2.4 | 94.228.166.68 |
| Jul 1, 2024 03:12:06.274456978 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.274506092 CEST | 49731 | 80 | 192.168.2.4 | 94.228.166.68 |
| Jul 1, 2024 03:12:06.278378963 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.278425932 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.278434038 CEST | 49731 | 80 | 192.168.2.4 | 94.228.166.68 |
| Jul 1, 2024 03:12:06.278440952 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.278449059 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.278466940 CEST | 49731 | 80 | 192.168.2.4 | 94.228.166.68 |
| Jul 1, 2024 03:12:06.278484106 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.278491020 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.278501987 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.278505087 CEST | 49731 | 80 | 192.168.2.4 | 94.228.166.68 |
| Jul 1, 2024 03:12:06.278523922 CEST | 49731 | 80 | 192.168.2.4 | 94.228.166.68 |
| Jul 1, 2024 03:12:06.278554916 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.278558016 CEST | 49731 | 80 | 192.168.2.4 | 94.228.166.68 |
| Jul 1, 2024 03:12:06.278563023 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.278570890 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.278604031 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.278613091 CEST | 49731 | 80 | 192.168.2.4 | 94.228.166.68 |
| Jul 1, 2024 03:12:06.278614998 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.278628111 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.278635025 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.278662920 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.278671026 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.278755903 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.278764009 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.278784990 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.278791904 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.278850079 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.278856993 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.278870106 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.278877974 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.278915882 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.278923035 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.278969049 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.278976917 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.279037952 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.279046059 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.279052973 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.279061079 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.279088974 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.279165983 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.279174089 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.279181004 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.279189110 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.279223919 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.279232025 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.279272079 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.279278994 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.279290915 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.279299974 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.279313087 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.279371023 CEST | 49731 | 80 | 192.168.2.4 | 94.228.166.68 |
| Jul 1, 2024 03:12:06.279378891 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.279422998 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.279431105 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.279443979 CEST | 49731 | 80 | 192.168.2.4 | 94.228.166.68 |
| Jul 1, 2024 03:12:06.279450893 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.279459000 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.279489994 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.279496908 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.279532909 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.279541016 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.283137083 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.283144951 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.283209085 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.283216953 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.283252001 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.283258915 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.283358097 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.283366919 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.283373117 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.283380032 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.283392906 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.283401012 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.283413887 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.283421040 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.283463955 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.283473015 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.283535004 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.283543110 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.283672094 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.283679008 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.283682108 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.283685923 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.283693075 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.283699989 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.283781052 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.283788919 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.283796072 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.283802986 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.283816099 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.283823013 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.283862114 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.283869028 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.283876896 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.283906937 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.283962011 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.283968925 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.283976078 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.284143925 CEST | 49731 | 80 | 192.168.2.4 | 94.228.166.68 |
| Jul 1, 2024 03:12:06.284207106 CEST | 49731 | 80 | 192.168.2.4 | 94.228.166.68 |
| Jul 1, 2024 03:12:06.284286022 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.284293890 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.284315109 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.284322023 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.284343958 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.284370899 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.284378052 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.284415960 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.284451008 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.284459114 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.284467936 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.284533978 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.284542084 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.284559965 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.284567118 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.284595966 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.284603119 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.284666061 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.284673929 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.284682035 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.284696102 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.284703970 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.284734011 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.284742117 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.284785032 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.284792900 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.284800053 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.284813881 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.284822941 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.284828901 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.284836054 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.284856081 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.284863949 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.284885883 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.284894943 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.285248995 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.285257101 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.285264015 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.285270929 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.285276890 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.285286903 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.285294056 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.285300970 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.285307884 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.285315037 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.285321951 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.285329103 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.285336018 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.287940979 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.287981987 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.287988901 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.288218975 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.288227081 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.289316893 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.289324045 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.289395094 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.289403915 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.289489985 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.289496899 CEST | 49731 | 80 | 192.168.2.4 | 94.228.166.68 |
| Jul 1, 2024 03:12:06.289506912 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.289557934 CEST | 49731 | 80 | 192.168.2.4 | 94.228.166.68 |
| Jul 1, 2024 03:12:06.289558887 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.289566994 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.289697886 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.289731026 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.289763927 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.289771080 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.289911985 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.289920092 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.289938927 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.289982080 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.289989948 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.289998055 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.290045023 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.290051937 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.290064096 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.290071964 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.290096998 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.290194035 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.290200949 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.290209055 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.290230036 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.290236950 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.290271044 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.290330887 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.290338993 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.290345907 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.290370941 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.290378094 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.290390968 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.290399075 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.290436983 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.290445089 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.290474892 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.290482044 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.290504932 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.290513039 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.290527105 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.290596962 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.290604115 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.290611029 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.290616989 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.290633917 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.290642023 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.290647984 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.291135073 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.291142941 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.291150093 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.295583963 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.295651913 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.295660019 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.295663118 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.295666933 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.295698881 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.295770884 CEST | 49731 | 80 | 192.168.2.4 | 94.228.166.68 |
| Jul 1, 2024 03:12:06.295819998 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.295829058 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.295838118 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.295838118 CEST | 49731 | 80 | 192.168.2.4 | 94.228.166.68 |
| Jul 1, 2024 03:12:06.295881033 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.295891047 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.295897961 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.295907021 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.295934916 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.295943022 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.295973063 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.295980930 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.295984030 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.296021938 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.296030998 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.296123981 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.296130896 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.296139002 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.296145916 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.296153069 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.296155930 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.296226978 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.296235085 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.296241045 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.296247959 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.296255112 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.296262026 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.296268940 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.296276093 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.296355963 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.296365023 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.296371937 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.296377897 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.296385050 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.296391964 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.296520948 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.296528101 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.296535969 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.296541929 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.296549082 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.296555996 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.296622038 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.296631098 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.296633959 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.296639919 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.296643019 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.296650887 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.296755075 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.302541971 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.302560091 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.302567005 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.302576065 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.302608013 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.302615881 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.302656889 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.302664995 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.302697897 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.302706003 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.302714109 CEST | 49731 | 80 | 192.168.2.4 | 94.228.166.68 |
| Jul 1, 2024 03:12:06.302736998 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.302746058 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.302772999 CEST | 49731 | 80 | 192.168.2.4 | 94.228.166.68 |
| Jul 1, 2024 03:12:06.302773952 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.302809954 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.302817106 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.302819967 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.302844048 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.302850962 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.302918911 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.302927017 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.302944899 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.302994013 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.303083897 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.303091049 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.303097963 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.303105116 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.303112984 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.303272963 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.303333044 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.303340912 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.303349018 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.303390980 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.303397894 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.303507090 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.303514957 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.303524017 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.303531885 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.303539038 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.303545952 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.303553104 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.303620100 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.303627968 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.303634882 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.303641081 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.303648949 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.303656101 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.303663015 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.303669930 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.303710938 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.303719044 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.303725004 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.303731918 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.303739071 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.310240984 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.310254097 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.310270071 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.310277939 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.310285091 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.310292959 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.310302973 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.310344934 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.310353041 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.310357094 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.310384989 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.310415983 CEST | 49731 | 80 | 192.168.2.4 | 94.228.166.68 |
| Jul 1, 2024 03:12:06.310435057 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.310445070 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.310448885 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.310478926 CEST | 49731 | 80 | 192.168.2.4 | 94.228.166.68 |
| Jul 1, 2024 03:12:06.310501099 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.310508966 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.310523033 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.310529947 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.310590982 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.310599089 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.310651064 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.310658932 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.310699940 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.310707092 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.311275959 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.311284065 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.311316967 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.311376095 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.311383963 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.311388016 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.311451912 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.311460018 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.311465979 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.311480999 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.311489105 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.356884003 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.356900930 CEST | 49731 | 80 | 192.168.2.4 | 94.228.166.68 |
| Jul 1, 2024 03:12:06.357223034 CEST | 49731 | 80 | 192.168.2.4 | 94.228.166.68 |
| Jul 1, 2024 03:12:06.357305050 CEST | 49731 | 80 | 192.168.2.4 | 94.228.166.68 |
| Jul 1, 2024 03:12:06.357305050 CEST | 49731 | 80 | 192.168.2.4 | 94.228.166.68 |
| Jul 1, 2024 03:12:06.357362032 CEST | 49731 | 80 | 192.168.2.4 | 94.228.166.68 |
| Jul 1, 2024 03:12:06.361762047 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.362158060 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.362185001 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.362231016 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.362257957 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.362284899 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.362312078 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.362360954 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.362386942 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.362412930 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.362440109 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.362489939 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.362515926 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.362543106 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.362569094 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.362595081 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.362653017 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.362679005 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.362705946 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.362735987 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.362762928 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.362875938 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.362904072 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.362931013 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.362978935 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.363004923 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.363032103 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.363059044 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.363085985 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.363114119 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.363140106 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.363166094 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.363192081 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.363218069 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.388139963 CEST | 49731 | 80 | 192.168.2.4 | 94.228.166.68 |
| Jul 1, 2024 03:12:06.393495083 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.393665075 CEST | 49731 | 80 | 192.168.2.4 | 94.228.166.68 |
| Jul 1, 2024 03:12:06.398561954 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.398614883 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.398643017 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.398694038 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.398722887 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.398747921 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.398775101 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.398822069 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.398849010 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.398878098 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.398905039 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.398932934 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.398958921 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.398987055 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.399013042 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:06.435015917 CEST | 49731 | 80 | 192.168.2.4 | 94.228.166.68 |
| Jul 1, 2024 03:12:06.440149069 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:07.138489008 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:07.139353991 CEST | 49731 | 80 | 192.168.2.4 | 94.228.166.68 |
| Jul 1, 2024 03:12:07.144371986 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:07.456034899 CEST | 80 | 49731 | 94.228.166.68 | 192.168.2.4 |
| Jul 1, 2024 03:12:07.484842062 CEST | 49731 | 80 | 192.168.2.4 | 94.228.166.68 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Jul 1, 2024 03:12:04.121299982 CEST | 59861 | 53 | 192.168.2.4 | 1.1.1.1 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Jul 1, 2024 03:12:04.121299982 CEST | 192.168.2.4 | 1.1.1.1 | 0x8ca | Standard query (0) | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Jul 1, 2024 03:12:04.128079891 CEST | 1.1.1.1 | 192.168.2.4 | 0x8ca | No error (0) | api.ip.sb.cdn.cloudflare.net | CNAME (Canonical name) | IN (0x0001) | false |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.4 | 49731 | 94.228.166.68 | 80 | 6812 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jul 1, 2024 03:11:57.467086077 CEST | 37 | OUT | |
| Jul 1, 2024 03:11:58.298468113 CEST | 1 | IN | |
| Jul 1, 2024 03:11:58.328713894 CEST | 202 | OUT | |
| Jul 1, 2024 03:11:58.539623976 CEST | 142 | IN | |
| Jul 1, 2024 03:12:03.579365015 CEST | 154 | OUT | |
| Jul 1, 2024 03:12:03.798269987 CEST | 1236 | IN | |
| Jul 1, 2024 03:12:03.798331022 CEST | 1236 | IN | |
| Jul 1, 2024 03:12:03.798368931 CEST | 448 | IN | |
| Jul 1, 2024 03:12:03.798403978 CEST | 1236 | IN | |
| Jul 1, 2024 03:12:03.798441887 CEST | 1236 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 21:11:53 |
| Start date: | 30/06/2024 |
| Path: | C:\Users\user\Desktop\xFk6x2mrd7.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xde0000 |
| File size: | 364'032 bytes |
| MD5 hash: | 18FD0471029ADC5A608CC7C442A97F3A |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | low |
| Has exited: | true |
| Target ID: | 1 |
| Start time: | 21:11:53 |
| Start date: | 30/06/2024 |
| Path: | C:\Windows\System32\conhost.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff7699e0000 |
| File size: | 862'208 bytes |
| MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 2 |
| Start time: | 21:11:53 |
| Start date: | 30/06/2024 |
| Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x90000 |
| File size: | 262'432 bytes |
| MD5 hash: | 8FDF47E0FF70C40ED3A17014AEEA4232 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | high |
| Has exited: | true |
Execution Graph
| Execution Coverage: | 18.3% |
| Dynamic/Decrypted Code Coverage: | 0% |
| Signature Coverage: | 3.5% |
| Total number of Nodes: | 1865 |
| Total number of Limit Nodes: | 10 |
Graph
Function 6CC02D80 Relevance: 86.1, APIs: 20, Strings: 25, Instructions: 7368injectionthreadmemoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 6CC01090 Relevance: 45.1, APIs: 19, Strings: 6, Instructions: 1361filememoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 6CC02760 Relevance: 12.6, APIs: 3, Strings: 4, Instructions: 371libraryloaderCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Control-flow Graph
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Control-flow Graph
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 6CC0AEB1 Relevance: 3.1, APIs: 2, Instructions: 76COMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 6CC114DC Relevance: 3.1, APIs: 2, Instructions: 65COMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 6CC11E9A Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 6CC0B858 Relevance: 1.6, APIs: 1, Instructions: 147COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 6CC1140B Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 6CC23B17 Relevance: .8, Instructions: 814COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 6CC0D0CA Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 303COMMONLIBRARYCODE
Download Yara Rule
Control-flow Graph
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Control-flow Graph
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 6CC1103A Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74COMMONLIBRARYCODE
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 6CC0E27E Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 6CC12CF5 Relevance: 7.7, APIs: 5, Instructions: 197COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 6CC0CCF2 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 6CC0FA88 Relevance: 6.1, APIs: 4, Instructions: 82COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 6CC10EDF Relevance: 6.1, APIs: 4, Instructions: 74COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 6CC0D46F Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Execution Graph
| Execution Coverage: | 17% |
| Dynamic/Decrypted Code Coverage: | 100% |
| Signature Coverage: | 0% |
| Total number of Nodes: | 179 |
| Total number of Limit Nodes: | 11 |
Graph
Function 059AEA18 Relevance: 8.3, Strings: 6, Instructions: 772COMMON
Download Yara Rule
Control-flow Graph
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0599DA87 Relevance: 5.5, Strings: 4, Instructions: 504COMMON
Download Yara Rule
Control-flow Graph
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059939C0 Relevance: 2.7, Strings: 2, Instructions: 202COMMON
Download Yara Rule
Control-flow Graph
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059945A8 Relevance: 1.6, APIs: 1, Instructions: 60libraryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0599EF68 Relevance: .4, Instructions: 434COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0085D0A8 Relevance: 6.1, APIs: 4, Instructions: 133threadCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0085D0B8 Relevance: 6.1, APIs: 4, Instructions: 128threadCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059A0660 Relevance: 2.9, Strings: 2, Instructions: 406COMMON
Download Yara Rule
Control-flow Graph
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059A84A8 Relevance: 2.8, Strings: 2, Instructions: 303COMMON
Download Yara Rule
Control-flow Graph
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059AC618 Relevance: 2.8, Strings: 2, Instructions: 294COMMON
Download Yara Rule
Control-flow Graph
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059A0040 Relevance: 2.8, Strings: 2, Instructions: 287COMMON
Download Yara Rule
Control-flow Graph
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059AF618 Relevance: 2.7, Strings: 2, Instructions: 226COMMON
Download Yara Rule
Control-flow Graph
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059A33F7 Relevance: 2.7, Strings: 2, Instructions: 205COMMON
Download Yara Rule
Control-flow Graph
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059A76A8 Relevance: 2.6, Strings: 2, Instructions: 67COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0085AE30 Relevance: 1.7, APIs: 1, Instructions: 198COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059AC050 Relevance: 1.7, Strings: 1, Instructions: 411COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 049B1CE4 Relevance: 1.6, APIs: 1, Instructions: 118COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 049B1CF0 Relevance: 1.6, APIs: 1, Instructions: 113COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00855935 Relevance: 1.6, APIs: 1, Instructions: 100COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 049B0BFC Relevance: 1.6, APIs: 1, Instructions: 97COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00854248 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059A6258 Relevance: 1.6, Strings: 1, Instructions: 337COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0085D2F9 Relevance: 1.6, APIs: 1, Instructions: 64COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0085D300 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059AC041 Relevance: 1.6, Strings: 1, Instructions: 308COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0085A870 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0085B2A0 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059941F0 Relevance: 1.6, APIs: 1, Instructions: 52COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059935AF Relevance: 1.6, APIs: 1, Instructions: 51comCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0085B020 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059935B8 Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059942F9 Relevance: 1.5, APIs: 1, Instructions: 45comCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059A2080 Relevance: 1.4, Strings: 1, Instructions: 179COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059A6247 Relevance: 1.4, Strings: 1, Instructions: 169COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059A22C0 Relevance: 1.4, Strings: 1, Instructions: 165COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059A0651 Relevance: 1.4, Strings: 1, Instructions: 159COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059AD9A0 Relevance: 1.4, Strings: 1, Instructions: 156COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059A5221 Relevance: 1.4, Strings: 1, Instructions: 148COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059A8078 Relevance: 1.4, Strings: 1, Instructions: 143COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059AA978 Relevance: 1.3, Strings: 1, Instructions: 59COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059A6689 Relevance: .4, Instructions: 408COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059A6698 Relevance: .4, Instructions: 403COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059AB258 Relevance: .4, Instructions: 381COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059A71F0 Relevance: .4, Instructions: 356COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059A9E5B Relevance: .3, Instructions: 331COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059A77F9 Relevance: .3, Instructions: 308COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059AB246 Relevance: .3, Instructions: 256COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059A5B28 Relevance: .2, Instructions: 241COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059AAE10 Relevance: .2, Instructions: 237COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059A4830 Relevance: .2, Instructions: 228COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059ADBA0 Relevance: .2, Instructions: 218COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059A53D0 Relevance: .2, Instructions: 214COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059AE078 Relevance: .2, Instructions: 187COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059ACC80 Relevance: .2, Instructions: 166COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059A5B19 Relevance: .2, Instructions: 158COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059A0DB1 Relevance: .1, Instructions: 144COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059AE068 Relevance: .1, Instructions: 140COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059AA710 Relevance: .1, Instructions: 119COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059AA720 Relevance: .1, Instructions: 117COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059AD800 Relevance: .1, Instructions: 116COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059A0006 Relevance: .1, Instructions: 99COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059A634D Relevance: .1, Instructions: 97COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059A1518 Relevance: .1, Instructions: 80COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059A562F Relevance: .1, Instructions: 79COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059A1509 Relevance: .1, Instructions: 78COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 007FD4C4 Relevance: .1, Instructions: 75COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0080D01C Relevance: .1, Instructions: 72COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059A2550 Relevance: .1, Instructions: 71COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059AF970 Relevance: .1, Instructions: 71COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059A2560 Relevance: .1, Instructions: 67COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059AADF0 Relevance: .1, Instructions: 66COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059A0F78 Relevance: .1, Instructions: 65COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059A16C7 Relevance: .1, Instructions: 60COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059A5098 Relevance: .1, Instructions: 59COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 007FD4BF Relevance: .1, Instructions: 56COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059ADF8A Relevance: .1, Instructions: 55COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059ADF12 Relevance: .1, Instructions: 55COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059AA969 Relevance: .1, Instructions: 54COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0080D017 Relevance: .1, Instructions: 53COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059AEA0A Relevance: .1, Instructions: 53COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059A0520 Relevance: .0, Instructions: 50COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059ADF98 Relevance: .0, Instructions: 49COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059AE980 Relevance: .0, Instructions: 49COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059A0530 Relevance: .0, Instructions: 48COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059AE8D2 Relevance: .0, Instructions: 47COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 007FD655 Relevance: .0, Instructions: 45COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059ACE50 Relevance: .0, Instructions: 45COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059A05E0 Relevance: .0, Instructions: 43COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059AA6A0 Relevance: .0, Instructions: 42COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059AE8E0 Relevance: .0, Instructions: 42COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059AA630 Relevance: .0, Instructions: 39COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059A781F Relevance: .0, Instructions: 39COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059AEB38 Relevance: .0, Instructions: 39COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059A1740 Relevance: .0, Instructions: 38COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059A769D Relevance: .0, Instructions: 37COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059AA6B0 Relevance: .0, Instructions: 37COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 007FD654 Relevance: .0, Instructions: 36COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059A05F0 Relevance: .0, Instructions: 35COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059AA640 Relevance: .0, Instructions: 35COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059A1661 Relevance: .0, Instructions: 35COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059A3387 Relevance: .0, Instructions: 35COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059AFA29 Relevance: .0, Instructions: 29COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059AFD17 Relevance: .0, Instructions: 27COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059A4FF2 Relevance: .0, Instructions: 26COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059AFD28 Relevance: .0, Instructions: 24COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059A1688 Relevance: .0, Instructions: 24COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059A5000 Relevance: .0, Instructions: 24COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059AFA38 Relevance: .0, Instructions: 23COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059A5313 Relevance: .0, Instructions: 21COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059A6C77 Relevance: .0, Instructions: 20COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059A3F60 Relevance: .0, Instructions: 20COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059A3F70 Relevance: .0, Instructions: 19COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059AA8E8 Relevance: .0, Instructions: 18COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059A14D9 Relevance: .0, Instructions: 14COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059AA610 Relevance: .0, Instructions: 12COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059A015E Relevance: .0, Instructions: 11COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0599B609 Relevance: .3, Instructions: 262COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0599B618 Relevance: .3, Instructions: 257COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 05993CC0 Relevance: .1, Instructions: 87COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 05993C92 Relevance: .0, Instructions: 45COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0599A93B Relevance: .0, Instructions: 25COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0599D07C Relevance: .0, Instructions: 25COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059A29D7 Relevance: 32.8, Strings: 26, Instructions: 278COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 059A29E8 Relevance: 32.8, Strings: 26, Instructions: 273COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|