Windows
Analysis Report
fOsCO13KRs.exe
Overview
General Information
Sample name: | fOsCO13KRs.exe (renamed because original name is a hash value) |
Original sample name: | 533e2a477734c51c894f95335b5af00ddbc32af0b15d5173cb49f52df01a9f88.exe |
Analysis ID: | 1465370 |
MD5: | cb98320171d36e2b913c56a4cddfad44 |
SHA1: | d9d8c535906d83f2de73759af8739d2985fdf7dd |
SHA256: | 533e2a477734c51c894f95335b5af00ddbc32af0b15d5173cb49f52df01a9f88 |
Tags: | exe |
Infos: | |
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- fOsCO13KRs.exe (PID: 6332 cmdline: "C:\Users\user\Desktop\fOsCO13KRs.exe" MD5: CB98320171D36E2B913C56A4CDDFAD44)
- conhost.exe (PID: 7020 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- MSBuild.exe (PID: 4052 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
RedLine Stealer | RedLine Stealer is a malware available on underground forums for sale apparently as standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer. | No Attribution |
{"C2 url": "94.228.166.68:80", "Bot Id": "@skayoker38", "Message": "Click Close to exit the program. Error code: 1142", "Authorization Header": "b8851f20ca79c66b401f2e171c930f0d"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
System Summary |
---|
Source: | Author: Kiran kumar s, oscd.community: |
Timestamp: | 07/01/24-15:44:00.166826 |
SID: | 2046045 |
Source Port: | 49718 |
Destination Port: | 80 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 07/01/24-15:44:00.376088 |
SID: | 2043234 |
Source Port: | 80 |
Destination Port: | 49718 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 07/01/24-15:44:08.664219 |
SID: | 2043231 |
Source Port: | 49718 |
Destination Port: | 80 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
AV Detection |
---|
Source: | Malware Configuration Extractor: |
Source: | ReversingLabs: |
Source: | ReversingLabs: |
Source: | Integrated Neural Analysis Model: |
Source: | Joe Sandbox ML: |
Source: | Joe Sandbox ML: |
Source: | Static PE information: |
Source: | HTTPS traffic detected: |
Source: | Static PE information: |
Source: | Code function: | 0_2_6D16F968 |
Source: | Code function: | 3_2_067139C0 | |
Source: | Code function: | 3_2_0671A7CC | |
Source: | Code function: | 3_2_06713C93 | |
Source: | Code function: | 3_2_06718872 | |
Source: | Code function: | 3_2_06718880 |
Networking |
---|
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: |
Source: | URLs: |
Source: | TCP traffic: |
Source: | ASN Name: |
Source: | JA3 fingerprint: |
Source: | HTTPS traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | ||
Source: | Network traffic detected: | ||
Source: | Code function: | 0_2_6D162970 |
Source: | Code function: | 0_2_6D162D80 | |
Source: | Code function: | 0_2_6D1612E0 | |
Source: | Code function: | 0_2_6D161010 | |
Source: | Code function: | 0_2_6D16A4E0 | |
Source: | Code function: | 0_2_6D175F05 | |
Source: | Code function: | 0_2_6D162B80 | |
Source: | Code function: | 0_2_6D183B17 | |
Source: | Code function: | 0_2_0307B100 | |
Source: | Code function: | 0_2_0307107F | |
Source: | Code function: | 0_2_03079080 | |
Source: | Code function: | 0_2_03078E40 | |
Source: | Code function: | 0_2_0307E6F0 | |
Source: | Code function: | 0_2_0307B500 | |
Source: | Code function: | 0_2_0307C560 | |
Source: | Code function: | 0_2_0307B358 | |
Source: | Code function: | 0_2_0307B368 | |
Source: | Code function: | 0_2_03079070 | |
Source: | Code function: | 0_2_030710B0 | |
Source: | Code function: | 0_2_0307B0F0 | |
Source: | Code function: | 0_2_0307F7A3 | |
Source: | Code function: | 0_2_030797A8 | |
Source: | Code function: | 0_2_03078E10 | |
Source: | Code function: | 0_2_0307A690 | |
Source: | Code function: | 0_2_0307E6DF | |
Source: | Code function: | 0_2_0307AD59 | |
Source: | Code function: | 0_2_03070D89 | |
Source: | Code function: | 0_2_03078DA0 | |
Source: | Code function: | 0_2_03078DC0 | |
Source: | Code function: | 0_2_03078DD8 | |
Source: | Code function: | 0_2_0307FC22 | |
Source: | Code function: | 0_2_030794D8 | |
Source: | Code function: | 3_2_0302DC74 | |
Source: | Code function: | 3_2_06719320 | |
Source: | Code function: | 3_2_06710F28 | |
Source: | Code function: | 3_2_06716FA8 | |
Source: | Code function: | 3_2_06718DC0 | |
Source: | Code function: | 3_2_06719B20 | |
Source: | Code function: | 3_2_06717878 | |
Source: | Code function: | 3_2_0671A880 | |
Source: | Code function: | 3_2_06719311 | |
Source: | Code function: | 3_2_06710F18 | |
Source: | Code function: | 3_2_06716C60 | |
Source: | Code function: | 3_2_06718DB1 | |
Source: | Code function: | 3_2_06719B10 | |
Source: | Code function: | 3_2_06718872 | |
Source: | Code function: | 3_2_0671A87A | |
Source: | Code function: | 3_2_06718880 | |
Source: | Code function: | 3_2_0672EA18 | |
Source: | Code function: | 3_2_06721840 | |
Source: | Code function: | 3_2_06721831 |
Source: | Code function: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | Static file information: |
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Source: | Key opened: | Jump to behavior |
Source: | ReversingLabs: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static file information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Code function: | 0_2_6D176647 | |
Source: | Code function: | 0_2_6D183B12 | |
Source: | Code function: | 3_2_06721670 | |
Source: | Code function: | 3_2_06725643 | |
Source: | Code function: | 3_2_0672DEC0 | |
Source: | Code function: | 3_2_06729F0C | |
Source: | Code function: | 3_2_067222A0 | |
Source: | Code function: | 3_2_06724370 | |
Source: | Code function: | 3_2_06724330 |
Source: | Static PE information: |
Source: | File created: | Jump to dropped file |
Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion |
---|
Source: | WMI Queries: |
Source: | WMI Queries: |
Source: | Memory allocated: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior |
Source: | Dropped PE file which has not been started: | Jump to dropped file |
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | WMI Queries: |
Source: | Last function: |
Source: | Code function: | 0_2_6D16F968 |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Process information queried: | Jump to behavior |
Source: | Code function: | 3_2_067185B0 |
Source: | Code function: | 0_2_6D16B31A |
Source: | Code function: | 0_2_6D17108B |
Source: | Process token adjusted: | Jump to behavior |
Source: | Code function: | 0_2_6D16B31A | |
Source: | Code function: | 0_2_6D16AE41 | |
Source: | Code function: | 0_2_6D16F2B7 |
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Memory allocated: | Jump to behavior |
Source: | Code function: | 0_2_6D162D80 |
Source: | Memory written: | Jump to behavior |
Source: | Process created: | Jump to behavior |
Source: | Code function: | 0_2_6D16B4D8 |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Code function: | 0_2_6D16AF63 |
Source: | Key value queried: | Jump to behavior |
Source: | Binary or memory string: |
Source: | WMI Queries: | ||
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | String found in binary or memory: | ||
Source: | File opened: | Jump to behavior | ||
Source: | File source: | ||
Remote Access Functionality |
---|
Source: | File source: | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 221 Windows Management Instrumentation | 1 DLL Side-Loading | 411 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 12 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 351 Security Software Discovery | Remote Desktop Protocol | 3 Data from Local System | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 241 Virtualization/Sandbox Evasion | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 411 Process Injection | NTDS | 241 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 4 Obfuscated Files or Information | Cached Domain Credentials | 1 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Software Packing | DCSync | 124 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
71% | ReversingLabs | ByteCode-MSIL.Trojan.RedLine | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Joe Sandbox ML | |||
58% | ReversingLabs | Win32.Trojan.LummaStealer |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | unknown | |
api.ip.sb | unknown | unknown | false | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown | ||
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
94.228.166.68 | unknown | Russian Federation | 48467 | PRANET-ASRU | true |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1465370 |
Start date and time: | 2024-07-01 15:42:55 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 6m 40s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 8 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | fOsCO13KRs.exe (renamed because original name is a hash value) |
Original Sample Name: | 533e2a477734c51c894f95335b5af00ddbc32af0b15d5173cb49f52df01a9f88.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@4/3@1/1 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
- Excluded IPs from analysis (whitelisted): 40.113.110.67, 172.67.75.172, 104.26.12.31, 104.26.13.31, 40.127.169.103, 13.95.31.18, 13.85.23.206, 20.166.126.56, 199.232.214.172, 40.113.103.199
- Excluded domains from analysis (whitelisted): client.wns.windows.com, wns.notify.trafficmanager.net, api.ip.sb.cdn.cloudflare.net, fe3.delivery.mp.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, ctldl.windowsupdate.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtAllocateVirtualMemory calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- VT rate limit hit for: fOsCO13KRs.exe
Time | Type | Description |
---|---|---|
09:44:05 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
94.228.166.68 | Get hash | malicious | RedLine | Browse | ||
Get hash | malicious | RedLine, Xmrig | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
bg.microsoft.map.fastly.net | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | AgentTesla, PureLog Stealer | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | PureLog Stealer, zgRAT | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
PRANET-ASRU | Get hash | malicious | RedLine | Browse |
| |
Get hash | malicious | RedLine, Xmrig | Browse |
| ||
Get hash | malicious | LummaC, Amadey, Mars Stealer, PureLog Stealer, RedLine, SmokeLoader, Stealc | Browse |
| ||
Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse |
| ||
Get hash | malicious | Quasar | Browse |
| ||
Get hash | malicious | Amadey | Browse |
| ||
Get hash | malicious | LummaC, Python Stealer, Amadey, LummaC Stealer, Monster Stealer, PureLog Stealer, RedLine | Browse |
| ||
Get hash | malicious | Quasar | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | AsyncRAT, PureLog Stealer, Xmrig, zgRAT | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
1138de370e523e824bbca92d049a3777 | Get hash | malicious | HTMLPhisher | Browse |
| |
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
|
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3094 |
Entropy (8bit): | 5.33145931749415 |
Encrypted: | false |
SSDEEP: | 96:Pq5qHwCYqh3oPtI6eqzxP0aymTqdqlq7qqjqcEZ5D:Pq5qHwCYqh3qtI6eqzxP0atTqdqlq7qV |
MD5: | 3FD5C0634443FB2EF2796B9636159CB6 |
SHA1: | 366DDE94AEFCFFFAB8E03AD8B448E05D7489EB48 |
SHA-256: | 58307E94C67E2348F5A838DE4FF668983B38B7E9A3B1D61535D3A392814A57D6 |
SHA-512: | 8535E7C0777C6B0876936D84BDE2BDC59963CF0954D4E50D65808E6E806E8B131DF5DB8FA0E030FAE2702143A7C3A70698A2B9A80519C9E2FFC286A71F0B797C |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\fOsCO13KRs.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 226 |
Entropy (8bit): | 5.360398796477698 |
Encrypted: | false |
SSDEEP: | 6:Q3La/xw5DLIP12MUAvvR+uTL2ql2ABgTv:Q3La/KDLI4MWuPTAv |
MD5: | 3A8957C6382192B71471BD14359D0B12 |
SHA1: | 71B96C965B65A051E7E7D10F61BEBD8CCBB88587 |
SHA-256: | 282FBEFDDCFAA0A9DBDEE6E123791FC4B8CB870AE9D450E6394D2ACDA3D8F56D |
SHA-512: | 76C108641F682F785A97017728ED51565C4F74B61B24E190468E3A2843FCC43615C6C8ABE298750AF238D7A44E97C001E3BE427B49900432F905A7CE114AA9AD |
Malicious: | true |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\fOsCO13KRs.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 428544 |
Entropy (8bit): | 5.871773702966774 |
Encrypted: | false |
SSDEEP: | 6144:BXwH9u+ucghyu8uO1pNOUSINyxQk3Lg4EdRNiE3bTMNfBNKv+rDo:BbcgFO8NEdRNiE3bL |
MD5: | D13D730E0A45088C4356DFBC65FF818F |
SHA1: | 056FCCF8C532F18141E0056C189F3F8C4A63A31C |
SHA-256: | 981F4C2C88B060C734BEB40B2C4C7E3D3E14C8D1221A4476AB7A912866772C55 |
SHA-512: | 98FDAEC0CD3F9979F145B4688E025CDCBB3825D6E16894025D19A509543901AC0E0E0DC058A6DF7E2F1FE450913FFE763E71DBD363525AAA349227E0A797A8BD |
Malicious: | true |
Antivirus: |
|
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 7.794725701315532 |
TrID: |
|
File name: | fOsCO13KRs.exe |
File size: | 1'609'728 bytes |
MD5: | cb98320171d36e2b913c56a4cddfad44 |
SHA1: | d9d8c535906d83f2de73759af8739d2985fdf7dd |
SHA256: | 533e2a477734c51c894f95335b5af00ddbc32af0b15d5173cb49f52df01a9f88 |
SHA512: | ef1508144094073ce3a6ce18caabcbb5d9405b9a594439672411974e090c4f4be4bdb9c6cf7a99ecbb802dc284fb40dcea20e197593b9bc2d1bd0de3e7e7b429 |
SSDEEP: | 49152:6y55n15t6mWD/+oI9Z9rqyI44HppuzGxHH8Boz:F5DjoqZ92yVG/uzGNc |
TLSH: | 6B75B0F017504750D528763311BC7868A6D6F77E162A377ABF2ACE62F2D31E8D40E1A2 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....xf................................. ........@.. ....................................@................................ |
Icon Hash: | 00928e8e8686b000 |
Entrypoint: | 0x54d0be |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows cui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x667817A0 [Sun Jun 23 12:40:00 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Instruction |
---|
jmp dword ptr [00402000h] |
add byte ptr [eax], al |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x14d068 | 0x53 | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x18c000 | 0x6e0 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x18e000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x164e00 | 0x48 | .dDg |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0x14b0c4 | 0x14b200 | e2ce8c3e97eea4e1f2b8f2c2fb5df587 | False | 0.7870916796432617 | data | 7.88564149410164 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.dDg | 0x14e000 | 0x3c404 | 0x3c600 | 3fb812bcccc8f4b608d294373e7cc52d | False | 0.5782827057453416 | data | 6.388795580872965 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rsrc | 0x18c000 | 0x6e0 | 0x800 | e915dbc32658fce1c640f9fdab9a2e38 | False | 0.3642578125 | data | 3.7613295511651486 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x18e000 | 0xc | 0x200 | 50d3c35f580058964369e5f57c3783a4 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_VERSION | 0x18c0a0 | 0x450 | data | 0.39855072463768115 | ||
RT_MANIFEST | 0x18c4f0 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | 0.5469387755102041 |
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
07/01/24-15:44:00.166826 | TCP | 2046045 | ET TROJAN [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) | 49718 | 80 | 192.168.2.6 | 94.228.166.68 |
07/01/24-15:44:00.376088 | TCP | 2043234 | ET MALWARE Redline Stealer TCP CnC - Id1Response | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
07/01/24-15:44:08.664219 | TCP | 2043231 | ET TROJAN Redline Stealer TCP CnC Activity | 49718 | 80 | 192.168.2.6 | 94.228.166.68 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jul 1, 2024 15:44:07.835875034 CEST | 49718 | 80 | 192.168.2.6 | 94.228.166.68 |
Jul 1, 2024 15:44:07.835906029 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.835956097 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.835973978 CEST | 49718 | 80 | 192.168.2.6 | 94.228.166.68 |
Jul 1, 2024 15:44:07.835988045 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.835999966 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.836015940 CEST | 49718 | 80 | 192.168.2.6 | 94.228.166.68 |
Jul 1, 2024 15:44:07.836041927 CEST | 49718 | 80 | 192.168.2.6 | 94.228.166.68 |
Jul 1, 2024 15:44:07.836066961 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.836077929 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.836090088 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.836102962 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.836113930 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.836126089 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.836201906 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.836211920 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.836224079 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.836235046 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.836245060 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.836303949 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.836316109 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.836442947 CEST | 49718 | 80 | 192.168.2.6 | 94.228.166.68 |
Jul 1, 2024 15:44:07.840465069 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.840503931 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.840514898 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.840533018 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.840542078 CEST | 49718 | 80 | 192.168.2.6 | 94.228.166.68 |
Jul 1, 2024 15:44:07.840575933 CEST | 49718 | 80 | 192.168.2.6 | 94.228.166.68 |
Jul 1, 2024 15:44:07.840578079 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.840593100 CEST | 49718 | 80 | 192.168.2.6 | 94.228.166.68 |
Jul 1, 2024 15:44:07.840632915 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.840636015 CEST | 49718 | 80 | 192.168.2.6 | 94.228.166.68 |
Jul 1, 2024 15:44:07.840645075 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.840656042 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.840687037 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.840693951 CEST | 49718 | 80 | 192.168.2.6 | 94.228.166.68 |
Jul 1, 2024 15:44:07.840712070 CEST | 49718 | 80 | 192.168.2.6 | 94.228.166.68 |
Jul 1, 2024 15:44:07.840735912 CEST | 49718 | 80 | 192.168.2.6 | 94.228.166.68 |
Jul 1, 2024 15:44:07.840781927 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.840792894 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.840806961 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.840817928 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.840826988 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.840837002 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.840842962 CEST | 49718 | 80 | 192.168.2.6 | 94.228.166.68 |
Jul 1, 2024 15:44:07.840867996 CEST | 49718 | 80 | 192.168.2.6 | 94.228.166.68 |
Jul 1, 2024 15:44:07.840873003 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.840884924 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.840894938 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.840904951 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.840949059 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.840959072 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.840970039 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.840980053 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.840989113 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.841073036 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.841084003 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.841094017 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.841104031 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.841114044 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.841124058 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.841135025 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.841243029 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.841253996 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.841264009 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.841274977 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.841284990 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.841295004 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.841305017 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.841314077 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.841336966 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.841346025 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.841356039 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.841367006 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.841388941 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.841398954 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.841418982 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.841428995 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.841442108 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.841486931 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.841497898 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.841506958 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.841511011 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.841521025 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.841531038 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.841545105 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.841553926 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.841559887 CEST | 49718 | 80 | 192.168.2.6 | 94.228.166.68 |
Jul 1, 2024 15:44:07.841563940 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.841579914 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.841609001 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.841619015 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.841629028 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.841638088 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.841649055 CEST | 49718 | 80 | 192.168.2.6 | 94.228.166.68 |
Jul 1, 2024 15:44:07.841680050 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.841691017 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.841701984 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.841711044 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.841721058 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.841732025 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.845376015 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.845390081 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.845470905 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.845508099 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.845519066 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.845527887 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.845561028 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.845570087 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.845580101 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.845657110 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.845665932 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.845675945 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.845705032 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.845714092 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.845724106 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.845741987 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.845752954 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.845796108 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.845804930 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.845824003 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.845834017 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.845843077 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.845855951 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.845906019 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.845915079 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.846420050 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.846569061 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.846580029 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.846663952 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.846674919 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.846693993 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.846704006 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.846805096 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.846815109 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.846826077 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.846837997 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.846857071 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.846865892 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.846873999 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.846884012 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.846904993 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.846915007 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.846925974 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.846935987 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.846944094 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.846965075 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.846975088 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.846985102 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.847002983 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.847012997 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.847022057 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.847031116 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.847048998 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.847058058 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.847067118 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.847084999 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.847095013 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.847217083 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.847304106 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.847316027 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.847326994 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.847336054 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.847345114 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.847354889 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.847363949 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.847373962 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.847383022 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.847390890 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.847402096 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.847443104 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.847460985 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.847471952 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.847482920 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.847491980 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.847539902 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.847549915 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.847560883 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.847569942 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.851064920 CEST | 49718 | 80 | 192.168.2.6 | 94.228.166.68 |
Jul 1, 2024 15:44:07.851159096 CEST | 49718 | 80 | 192.168.2.6 | 94.228.166.68 |
Jul 1, 2024 15:44:07.855937004 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.855962038 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.855973005 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.855987072 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.855997086 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.856005907 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.856024981 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.856036901 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.856065035 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.856075048 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.856097937 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.856107950 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.856118917 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.856131077 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.856148958 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.856158972 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.856162071 CEST | 49718 | 80 | 192.168.2.6 | 94.228.166.68 |
Jul 1, 2024 15:44:07.856168032 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.856189966 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.856200933 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.856210947 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.856221914 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.856231928 CEST | 49718 | 80 | 192.168.2.6 | 94.228.166.68 |
Jul 1, 2024 15:44:07.856232882 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.856251001 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.856264114 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.856297016 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.856307030 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.856316090 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.856326103 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.856336117 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.856345892 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.856357098 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.856367111 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.856385946 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.856395006 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.856405020 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.856415033 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.856424093 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.856434107 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.856443882 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.856453896 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.856476068 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.856496096 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.856515884 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.856524944 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.856534004 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.856544018 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.857300043 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.857311010 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.857338905 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.857348919 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.857361078 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.857372046 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.857384920 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.861368895 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.861382961 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.861393929 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.861418009 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.861428022 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.861438036 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.861459017 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.861468077 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.861478090 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.861488104 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.861509085 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.861517906 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.861530066 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.861541033 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.861572027 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.861577988 CEST | 49718 | 80 | 192.168.2.6 | 94.228.166.68 |
Jul 1, 2024 15:44:07.861583948 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.861644983 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.861659050 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.861660957 CEST | 49718 | 80 | 192.168.2.6 | 94.228.166.68 |
Jul 1, 2024 15:44:07.861670971 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.861691952 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.861701012 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.861711025 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.861731052 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.861741066 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.861749887 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.861759901 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.861778975 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.861788988 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.861799955 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.861835003 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.861845016 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.861854076 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.861864090 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.861876011 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.861897945 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.861907005 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.862035990 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.862046957 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.862056971 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.862066984 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.862076998 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.862088919 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.862098932 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.862108946 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.862128019 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.862138033 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.862148046 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.862157106 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.862176895 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.862186909 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.862196922 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.862206936 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.862215996 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.866549015 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.866621971 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.866682053 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.866686106 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.866727114 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.866731882 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.866740942 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.866744995 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.866807938 CEST | 49718 | 80 | 192.168.2.6 | 94.228.166.68 |
Jul 1, 2024 15:44:07.866830111 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.866833925 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.866844893 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.866849899 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.866868973 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.866877079 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.866877079 CEST | 49718 | 80 | 192.168.2.6 | 94.228.166.68 |
Jul 1, 2024 15:44:07.866882086 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.866887093 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.866890907 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.866894960 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.866900921 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.866909981 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.867012024 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.867017031 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.867043018 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.867065907 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.867069960 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.867079973 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.867115974 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.867120028 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.867166042 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.867171049 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.867180109 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.867183924 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.867202997 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.867208004 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.867213011 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.867252111 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.867261887 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.867265940 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.867331982 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.867383957 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.911300898 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.911549091 CEST | 49718 | 80 | 192.168.2.6 | 94.228.166.68 |
Jul 1, 2024 15:44:07.911633015 CEST | 49718 | 80 | 192.168.2.6 | 94.228.166.68 |
Jul 1, 2024 15:44:07.911633015 CEST | 49718 | 80 | 192.168.2.6 | 94.228.166.68 |
Jul 1, 2024 15:44:07.911684990 CEST | 49718 | 80 | 192.168.2.6 | 94.228.166.68 |
Jul 1, 2024 15:44:07.916402102 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.916424036 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.916429043 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.916471958 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.916476011 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.916496038 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.916500092 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Jul 1, 2024 15:44:07.916505098 CEST | 80 | 49718 | 94.228.166.68 | 192.168.2.6 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jul 1, 2024 15:44:05.756098986 CEST | 61441 | 53 | 192.168.2.6 | 1.1.1.1 |
Jul 1, 2024 15:44:14.625142097 CEST | 53 | 61706 | 1.1.1.1 | 192.168.2.6 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Jul 1, 2024 15:44:05.756098986 CEST | 192.168.2.6 | 1.1.1.1 | 0x8500 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Jul 1, 2024 15:44:05.765065908 CEST | 1.1.1.1 | 192.168.2.6 | 0x8500 | No error (0) | api.ip.sb.cdn.cloudflare.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Jul 1, 2024 15:44:46.386404037 CEST | 1.1.1.1 | 192.168.2.6 | 0xd8c1 | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
Jul 1, 2024 15:44:46.386404037 CEST | 1.1.1.1 | 192.168.2.6 | 0xd8c1 | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.6 | 49718 | 94.228.166.68 | 80 | 4052 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jul 1, 2024 15:43:59.307431936 CEST | 37 | OUT | |
Jul 1, 2024 15:44:00.131184101 CEST | 1 | IN | |
Jul 1, 2024 15:44:00.166826010 CEST | 202 | OUT | |
Jul 1, 2024 15:44:00.376087904 CEST | 142 | IN | |
Jul 1, 2024 15:44:05.446974993 CEST | 154 | OUT | |
Jul 1, 2024 15:44:05.653198957 CEST | 1236 | IN | |
Jul 1, 2024 15:44:05.653543949 CEST | 1236 | IN | |
Jul 1, 2024 15:44:05.654328108 CEST | 1236 | IN | |
Jul 1, 2024 15:44:05.654340982 CEST | 1236 | IN | |
Jul 1, 2024 15:44:05.655689955 CEST | 1236 | IN |
Target ID: | 0 |
Start time: | 09:43:55 |
Start date: | 01/07/2024 |
Path: | C:\Users\user\Desktop\fOsCO13KRs.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xd70000 |
File size: | 1'609'728 bytes |
MD5 hash: | CB98320171D36E2B913C56A4CDDFAD44 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 1 |
Start time: | 09:43:55 |
Start date: | 01/07/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff66e660000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 09:43:56 |
Start date: | 01/07/2024 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xdb0000 |
File size: | 262'432 bytes |
MD5 hash: | 8FDF47E0FF70C40ED3A17014AEEA4232 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
Has exited: | true |
Execution Graph
Execution Coverage: | 24% |
Dynamic/Decrypted Code Coverage: | 1.4% |
Signature Coverage: | 9.5% |
Total number of Nodes: | 666 |
Total number of Limit Nodes: | 19 |
Execution Graph
Execution Coverage: | 15% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 3.4% |
Total number of Nodes: | 118 |
Total number of Limit Nodes: | 6 |
Graph
Function 067185B0 Relevance: 1.6, APIs: 1, Instructions: 60libraryCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0672EA18 Relevance: .8, Instructions: 784COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 067139C0 Relevance: .2, Instructions: 202COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0302D0A8 Relevance: 6.1, APIs: 4, Instructions: 133threadCOMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0302D0B8 Relevance: 6.1, APIs: 4, Instructions: 128threadCOMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0302AE30 Relevance: 1.7, APIs: 1, Instructions: 198COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 03024248 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 03025935 Relevance: 1.6, APIs: 1, Instructions: 95COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0302D2F9 Relevance: 1.6, APIs: 1, Instructions: 64COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0302D300 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0302B2A0 Relevance: 1.6, APIs: 1, Instructions: 56libraryCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0302A870 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 067181F8 Relevance: 1.6, APIs: 1, Instructions: 53COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06718300 Relevance: 1.5, APIs: 1, Instructions: 49comCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0302B020 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06718208 Relevance: 1.5, APIs: 1, Instructions: 46COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06715914 Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0672668B Relevance: .4, Instructions: 440COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0672C050 Relevance: .4, Instructions: 412COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06720660 Relevance: .4, Instructions: 407COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06726698 Relevance: .4, Instructions: 403COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 067271F0 Relevance: .4, Instructions: 386COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0672B258 Relevance: .4, Instructions: 381COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06727BF0 Relevance: .4, Instructions: 374COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06726258 Relevance: .4, Instructions: 350COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06725250 Relevance: .3, Instructions: 334COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0672C041 Relevance: .3, Instructions: 322COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06727830 Relevance: .3, Instructions: 316COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 067284A8 Relevance: .3, Instructions: 302COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0672C618 Relevance: .3, Instructions: 282COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0672B246 Relevance: .3, Instructions: 264COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06720C98 Relevance: .3, Instructions: 255COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06725B28 Relevance: .3, Instructions: 251COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06724830 Relevance: .2, Instructions: 234COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0672F618 Relevance: .2, Instructions: 229COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0672AE10 Relevance: .2, Instructions: 200COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0672E078 Relevance: .2, Instructions: 187COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06722080 Relevance: .2, Instructions: 183COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06726247 Relevance: .2, Instructions: 177COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06723348 Relevance: .2, Instructions: 177COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06720651 Relevance: .2, Instructions: 167COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 067222C0 Relevance: .2, Instructions: 164COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06725B1B Relevance: .2, Instructions: 162COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06720040 Relevance: .2, Instructions: 158COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0672D9A0 Relevance: .2, Instructions: 151COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0672E068 Relevance: .1, Instructions: 144COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0672A710 Relevance: .1, Instructions: 121COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0672A720 Relevance: .1, Instructions: 117COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06720007 Relevance: .1, Instructions: 117COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0672D800 Relevance: .1, Instructions: 116COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0672821F Relevance: .1, Instructions: 109COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0672DF13 Relevance: .1, Instructions: 98COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0672634D Relevance: .1, Instructions: 97COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0672DEB0 Relevance: .1, Instructions: 86COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06725219 Relevance: .1, Instructions: 86COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 067216D8 Relevance: .1, Instructions: 85COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0672A270 Relevance: .1, Instructions: 81COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06721518 Relevance: .1, Instructions: 80COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06721509 Relevance: .1, Instructions: 78COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 012AD4C4 Relevance: .1, Instructions: 75COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 012AD3D8 Relevance: .1, Instructions: 75COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06722550 Relevance: .1, Instructions: 74COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 015CD01C Relevance: .1, Instructions: 72COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 067276A8 Relevance: .1, Instructions: 71COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0672F970 Relevance: .1, Instructions: 71COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0672ADF0 Relevance: .1, Instructions: 70COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06728128 Relevance: .1, Instructions: 70COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06722560 Relevance: .1, Instructions: 67COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06720F78 Relevance: .1, Instructions: 66COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06723300 Relevance: .1, Instructions: 66COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06725660 Relevance: .1, Instructions: 63COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06723338 Relevance: .1, Instructions: 63COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 015CD006 Relevance: .1, Instructions: 62COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0672C60B Relevance: .1, Instructions: 59COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06725098 Relevance: .1, Instructions: 59COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0672A978 Relevance: .1, Instructions: 59COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0672DF8B Relevance: .1, Instructions: 56COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0672EA0B Relevance: .1, Instructions: 56COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0672A969 Relevance: .1, Instructions: 56COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 012AD4BF Relevance: .1, Instructions: 56COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 012AD3D3 Relevance: .1, Instructions: 56COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06720520 Relevance: .1, Instructions: 55COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 067217F9 Relevance: .1, Instructions: 54COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06725651 Relevance: .1, Instructions: 52COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0672E8D3 Relevance: .0, Instructions: 50COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0672A6A0 Relevance: .0, Instructions: 49COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0672DF98 Relevance: .0, Instructions: 49COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0672E980 Relevance: .0, Instructions: 49COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06720530 Relevance: .0, Instructions: 48COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 067205E0 Relevance: .0, Instructions: 48COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0672CE50 Relevance: .0, Instructions: 45COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 012AD655 Relevance: .0, Instructions: 45COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0672EB38 Relevance: .0, Instructions: 44COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0672781F Relevance: .0, Instructions: 43COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0672A630 Relevance: .0, Instructions: 42COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0672E8E0 Relevance: .0, Instructions: 42COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0672A6B0 Relevance: .0, Instructions: 37COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0672769D Relevance: .0, Instructions: 37COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 067276B8 Relevance: .0, Instructions: 36COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 012AD654 Relevance: .0, Instructions: 36COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0672A640 Relevance: .0, Instructions: 35COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 067205F0 Relevance: .0, Instructions: 35COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 067216C7 Relevance: .0, Instructions: 33COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 067277F9 Relevance: .0, Instructions: 33COMMON
Function 06724FF3 Relevance: .0, Instructions: 32COMMON
Function 0672FA29 Relevance: .0, Instructions: 32COMMON
Function 0672FD17 Relevance: .0, Instructions: 31COMMON
Function 06721679 Relevance: .0, Instructions: 30COMMON
Function 06723F60 Relevance: .0, Instructions: 30COMMON
Function 06726C77 Relevance: .0, Instructions: 25COMMON
Function 06721688 Relevance: .0, Instructions: 24COMMON
Function 0672FD28 Relevance: .0, Instructions: 24COMMON
Function 06725000 Relevance: .0, Instructions: 24COMMON
Function 0672FA38 Relevance: .0, Instructions: 23COMMON
Function 06725313 Relevance: .0, Instructions: 22COMMON
Function 06722520 Relevance: .0, Instructions: 21COMMON
Function 0672A8E8 Relevance: .0, Instructions: 21COMMON
Function 06723F70 Relevance: .0, Instructions: 19COMMON
Function 06726C88 Relevance: .0, Instructions: 17COMMON
Function 067214D9 Relevance: .0, Instructions: 16COMMON
Function 0672A610 Relevance: .0, Instructions: 12COMMON
Function 0672015E Relevance: .0, Instructions: 11COMMON
Function 06718872 Relevance: .3, Instructions: 264COMMON
Function 06718880 Relevance: .3, Instructions: 257COMMON
Function 06713C93 Relevance: .0, Instructions: 48COMMON
Function 0671A7CC Relevance: .0, Instructions: 25COMMON