Windows
Analysis Report
x4UbCbpqkP.exe
Overview
General Information
Sample name: | x4UbCbpqkP.exe (renamed because original name is a hash value) |
Original sample name: | 187049e720e9545fc7c567f85ee870ec.exe |
Analysis ID: | 1465934 |
MD5: | 187049e720e9545fc7c567f85ee870ec |
SHA1: | 1fd8edb9da446de7c24d633b10ca6a4c03c9499f |
SHA256: | 6ad54ede2fb8a622eb23f83ccce4138aee91178b62183999cca5a0f4fb3b0d93 |
Tags: | exe, RedLineStealer |
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
x4UbCbpqkP.exe (PID: 6860 cmdline: "C:\Users\user\Desktop\x4UbCbpqkP.exe" MD5: 187049E720E9545FC7C567F85EE870EC)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
RedLine Stealer | RedLine Stealer is a malware available on underground forums for sale apparently as standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer. | No Attribution |
{"C2 url": ["144.172.122.232:20131"], "Authorization Header": "70183f61f1e913a8ca5013414de9717c"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_RedLine_1 | Yara detected RedLine Stealer | Joe Security | ||
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
Timestamp | SID | Source Port | Destination Port | Protocol | Classtype |
---|---|---|---|---|---|
07/02/24-09:21:53.677511 | 2043234 | 20131 | 49730 | TCP | A Network Trojan was detected |
07/02/24-09:21:53.492903 | 2046045 | 49730 | 20131 | TCP | A Network Trojan was detected |
07/02/24-09:21:59.015305 | 2046056 | 20131 | 49730 | TCP | A Network Trojan was detected |
07/02/24-09:22:04.858085 | 2043231 | 49730 | 20131 | TCP | A Network Trojan was detected |
AV Detection |
---|
Source: | Avira: |
Source: | Malware Configuration Extractor: |
Source: | ReversingLabs: | |||
Source: | Virustotal: | Perma Link |
Source: | Integrated Neural Analysis Model: |
Source: | Joe Sandbox ML: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Code function: | 0_2_06DD5770 | |
Source: | Code function: | 0_2_06DD35A0 | |
Source: | Code function: | 0_2_06DD0A10 | |
Source: | Code function: | 0_2_072484F8 | |
Source: | Code function: | 0_2_072484F8 | |
Source: | Code function: | 0_2_07240040 |
Networking |
---|
Source: | Snort IDS: |
Source: | URLs: |
Source: | TCP traffic: |
Source: | ASN Name: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | String found in binary or memory: |
Source: | Code function: | 0_2_051BDC74 | |
Source: | Code function: | 0_2_06DD5770 | |
Source: | Code function: | 0_2_06DD7580 | |
Source: | Code function: | 0_2_06DD82C8 | |
Source: | Code function: | 0_2_06DD0040 | |
Source: | Code function: | 0_2_06DDCE68 | |
Source: | Code function: | 0_2_06DD0A10 | |
Source: | Code function: | 0_2_06DD3BE0 | |
Source: | Code function: | 0_2_06DD2778 | |
Source: | Code function: | 0_2_06DD2768 | |
Source: | Code function: | 0_2_06DD1470 | |
Source: | Code function: | 0_2_06DD1462 | |
Source: | Code function: | 0_2_06DD1E68 | |
Source: | Code function: | 0_2_06DD1E2F | |
Source: | Code function: | 0_2_072484F8 | |
Source: | Code function: | 0_2_0724AF48 | |
Source: | Code function: | 0_2_072484F5 | |
Source: | Code function: | 0_2_07240006 | |
Source: | Code function: | 0_2_07240040 | |
Source: | Code function: | 0_2_07246A28 | |
Source: | Code function: | 0_2_07246A19 |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | Mutant created: |
Source: | Static PE information: |
Source: | Static file information: |
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Source: | Key opened: | Jump to behavior |
Source: | ReversingLabs: | ||
Source: | Virustotal: |
Source: | Section loaded: |
Source: | Key value queried: | Jump to behavior |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Code function: | 0_2_06DD2320 | |
Source: | Code function: | 0_2_06DD5F1F |
Source: | Process information set: |
Malware Analysis System Evasion |
---|
Source: | WMI Queries: |
Source: | WMI Queries: |
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | WMI Queries: |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Binary or memory string: |
Source: | Process information queried: | Jump to behavior |
Source: | Code function: | 0_2_06DD3BE0 |
Source: | Process token adjusted: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior |
Source: | Queries volume information: |
Source: | Key value queried: | Jump to behavior |
Source: | Binary or memory string: |
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | File opened: |
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 221 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Masquerading | 1 OS Credential Dumping | 231 Security Software Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Disable or Modify Tools | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | 2 Data from Local System | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 241 Virtualization/Sandbox Evasion | Security Account Manager | 241 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 2 Obfuscated Files or Information | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Timestomp | LSA Secrets | 113 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
79% | ReversingLabs | ByteCode-MSIL.Trojan.Jalapeno | ||
69% | Virustotal | Browse | ||
100% | Avira | HEUR/AGEN.1307407 | ||
100% | Joe Sandbox ML |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
144.172.122.232 | unknown | United States | | 9009 | M247GB | true |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1465934 |
Start date and time: | 2024-07-02 09:21:05 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 2m 34s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 2 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | x4UbCbpqkP.exe (renamed because original name is a hash value) |
Original Sample Name: | 187049e720e9545fc7c567f85ee870ec.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@1/1@0/1 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): SIHClient.exe
- Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, wu-b-net.trafficmanager.net
- Report size getting too big, too many NtAllocateVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
Time | Type | Description |
---|---|---|
03:22:01 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
bg.microsoft.map.fastly.net | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | GuLoader | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | Remcos, GuLoader | Browse |
| ||
Get hash | malicious | CryptOne, Vidar | Browse |
| ||
Get hash | malicious | GuLoader, Remcos | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
M247GB | Get hash | malicious | GuLoader, Remcos | Browse |
| |
Get hash | malicious | GuLoader, Remcos | Browse |
| ||
Get hash | malicious | FormBook | Browse |
| ||
Get hash | malicious | GuLoader, Remcos | Browse |
| ||
Get hash | malicious | GuLoader, Remcos | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | GuLoader, Remcos | Browse |
| ||
Get hash | malicious | Mirai, Moobot | Browse |
| ||
Get hash | malicious | Mirai, Moobot | Browse |
| ||
Get hash | malicious | GuLoader, Remcos | Browse |
|
Process: | C:\Users\user\Desktop\x4UbCbpqkP.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3094 |
Entropy (8bit): | 5.33145931749415 |
Encrypted: | false |
SSDEEP: | 96:Pq5qHwCYqh3oPtI6eqzxP0aymTqdqlq7qqjqcEZ5D:Pq5qHwCYqh3qtI6eqzxP0atTqdqlq7qV |
MD5: | 3FD5C0634443FB2EF2796B9636159CB6 |
SHA1: | 366DDE94AEFCFFFAB8E03AD8B448E05D7489EB48 |
SHA-256: | 58307E94C67E2348F5A838DE4FF668983B38B7E9A3B1D61535D3A392814A57D6 |
SHA-512: | 8535E7C0777C6B0876936D84BDE2BDC59963CF0954D4E50D65808E6E806E8B131DF5DB8FA0E030FAE2702143A7C3A70698A2B9A80519C9E2FFC286A71F0B797C |
Malicious: | true |
Reputation: | high, very likely benign file |
Preview: |
File type: | |
Entropy (8bit): | 4.809458973082986 |
TrID: |
|
File name: | x4UbCbpqkP.exe |
File size: | 292'864 bytes |
MD5: | 187049e720e9545fc7c567f85ee870ec |
SHA1: | 1fd8edb9da446de7c24d633b10ca6a4c03c9499f |
SHA256: | 6ad54ede2fb8a622eb23f83ccce4138aee91178b62183999cca5a0f4fb3b0d93 |
SHA512: | ae8f75b7bfe61bb5251fe20d5ac69c9d1140539e17df11f05f1665b57844ee68a288ba1f8e2791830785baed916fae7a0599506a530f8f7ca4f4d3f393b8d403 |
SSDEEP: | 3072:4qFFrqwIOGBHy9MGSwTca9G2f6ZkOEhdIVLZ0fHIOcZqf7D34yyCbBOr:LBIOGfardaLZifcZqf7DIyy |
TLSH: | 4D543A2873D8C911E53E4B79D471D6B093B0ED12A817E35B5ED07CAB3D36B40EA11AB2 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...1.N...............0.................. ........@.. ....................................@................................ |
Icon Hash: | 0f0179d4d479038f |
Entrypoint: | 0x429fc2 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0xF14EB231 [Wed Apr 16 06:01:21 2098 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Instruction |
---|
jmp dword ptr [00402000h] |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x29f70 | 0x4f | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x30000 | 0x19da8 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x4a000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x29f54 | 0x1c | .text |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0x2cfa8 | 0x2d000 | 939bd28a073181db002fb83b4eaecc39 | False | 0.4616644965277778 | data | 6.16789035104987 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rsrc | 0x30000 | 0x19da8 | 0x1a000 | a4f424516bbe0de150f62a2b16406561 | False | 0.12208909254807693 | data | 1.5501848344062148 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x4a000 | 0xc | 0x400 | 6a1e0749cab609b2f210f18b32dd4739 | False | 0.025390625 | data | 0.05585530805374581 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0x30250 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | 0.19676360225140713 | ||
RT_ICON | 0x312f8 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 2835 x 2835 px/m | 0.09013072282030049 | ||
RT_ICON | 0x41b20 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16384, resolution 2835 x 2835 px/m | 0.13905290505432216 | ||
RT_ICON | 0x45d48 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2835 x 2835 px/m | 0.17033195020746889 | ||
RT_ICON | 0x482f0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2835 x 2835 px/m | 0.2045028142589118 | ||
RT_ICON | 0x49398 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2835 x 2835 px/m | 0.24645390070921985 | ||
RT_GROUP_ICON | 0x49800 | 0x14 | data | 1.1 | ||
RT_GROUP_ICON | 0x49814 | 0x5a | data | 0.7666666666666667 | ||
RT_VERSION | 0x49870 | 0x34a | data | 0.44418052256532065 | ||
RT_MANIFEST | 0x49bbc | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | 0.5489795918367347 |
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
07/02/24-09:21:53.677511 | TCP | 2043234 | ET MALWARE Redline Stealer TCP CnC - Id1Response | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
07/02/24-09:21:53.492903 | TCP | 2046045 | ET TROJAN [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) | 49730 | 20131 | 192.168.2.4 | 144.172.122.232 |
07/02/24-09:21:59.015305 | TCP | 2046056 | ET TROJAN Redline Stealer/MetaStealer Family Activity (Response) | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
07/02/24-09:22:04.858085 | TCP | 2043231 | ET TROJAN Redline Stealer TCP CnC Activity | 49730 | 20131 | 192.168.2.4 | 144.172.122.232 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jul 2, 2024 09:22:03.592199087 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.592206955 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.592262983 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.592300892 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.592308998 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.592329025 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.592369080 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.592377901 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.592449903 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.592458010 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.592503071 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.592509985 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.592552900 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.592622042 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.592643023 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.592650890 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.592667103 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.592683077 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.592766047 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.593319893 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.593364000 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.593372107 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.593456984 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.593465090 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.593472004 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.593507051 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.593513966 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.593522072 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.593574047 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.593647003 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.593653917 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.594908953 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.594961882 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.595053911 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.595068932 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.595149994 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.595158100 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.595238924 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.595247030 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.595252991 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.595262051 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.595293999 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.595300913 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.595324993 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.595333099 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.595395088 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.595402002 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.595428944 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.595436096 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.595479012 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.595485926 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.595521927 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.595529079 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.595606089 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.600215912 CEST | 49730 | 20131 | 192.168.2.4 | 144.172.122.232 |
Jul 2, 2024 09:22:03.600373983 CEST | 49730 | 20131 | 192.168.2.4 | 144.172.122.232 |
Jul 2, 2024 09:22:03.600373983 CEST | 49730 | 20131 | 192.168.2.4 | 144.172.122.232 |
Jul 2, 2024 09:22:03.600461960 CEST | 49730 | 20131 | 192.168.2.4 | 144.172.122.232 |
Jul 2, 2024 09:22:03.607573986 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.607584000 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.607633114 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.607641935 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.607667923 CEST | 49730 | 20131 | 192.168.2.4 | 144.172.122.232 |
Jul 2, 2024 09:22:03.607702017 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.607703924 CEST | 49730 | 20131 | 192.168.2.4 | 144.172.122.232 |
Jul 2, 2024 09:22:03.607712030 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.607768059 CEST | 49730 | 20131 | 192.168.2.4 | 144.172.122.232 |
Jul 2, 2024 09:22:03.607778072 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.607791901 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.607822895 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.607831001 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.607844114 CEST | 49730 | 20131 | 192.168.2.4 | 144.172.122.232 |
Jul 2, 2024 09:22:03.607873917 CEST | 49730 | 20131 | 192.168.2.4 | 144.172.122.232 |
Jul 2, 2024 09:22:03.607877016 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.607887030 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.607913971 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.607922077 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.607929945 CEST | 49730 | 20131 | 192.168.2.4 | 144.172.122.232 |
Jul 2, 2024 09:22:03.607964039 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.607974052 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.608035088 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.608042955 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.608095884 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.608133078 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.608237028 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.608244896 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.608251095 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.608258963 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.608310938 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.608319044 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.608352900 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.608361006 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.608413935 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.608422041 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.608453989 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.608463049 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.608525991 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.608534098 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.608552933 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.608609915 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.608653069 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.608660936 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.608669996 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.608741045 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.608748913 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.608757019 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.608901024 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.608910084 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.608951092 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.608977079 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.609019041 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.609026909 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.609086990 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.609093904 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.609173059 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.609179974 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.609250069 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.609256983 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.609263897 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.609307051 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.609313965 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.609335899 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.609344006 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.609399080 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.609406948 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.609457016 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.609464884 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.609529972 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.609536886 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.609544992 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.609553099 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.609565020 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.609596968 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.609612942 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.609682083 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.609689951 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.609806061 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.609812975 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.609817028 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.610987902 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.611022949 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.611136913 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.611145020 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.611169100 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.611176014 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.611222982 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.611238003 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.611309052 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.611315966 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.611397028 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.611403942 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.611459017 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.611466885 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.611517906 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.611526012 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.611582041 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.611589909 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.611638069 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.611645937 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.615252018 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.615258932 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.615309954 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.615372896 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.615461111 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.615530968 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.615613937 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.615622044 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.615663052 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.615708113 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.615715981 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.615722895 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.615730047 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.619317055 CEST | 49730 | 20131 | 192.168.2.4 | 144.172.122.232 |
Jul 2, 2024 09:22:03.619460106 CEST | 49730 | 20131 | 192.168.2.4 | 144.172.122.232 |
Jul 2, 2024 09:22:03.619460106 CEST | 49730 | 20131 | 192.168.2.4 | 144.172.122.232 |
Jul 2, 2024 09:22:03.619559050 CEST | 49730 | 20131 | 192.168.2.4 | 144.172.122.232 |
Jul 2, 2024 09:22:03.626941919 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.626998901 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.627007008 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.627072096 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.627079964 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.627087116 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.627094984 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.627098083 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.627105951 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.627149105 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.627157927 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.627161026 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.627167940 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.627216101 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.627289057 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.627298117 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.627304077 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.627311945 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.627319098 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.627326012 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.627329111 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.627361059 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.627368927 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.627376080 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.627382994 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.627389908 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.627393007 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.627424002 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.627430916 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.627438068 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.627445936 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.627485037 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.627492905 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.627500057 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.627506971 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.627511024 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.627552032 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.627559900 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.627563000 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.627573967 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.627580881 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.627602100 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.627609015 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.627646923 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.627655029 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.627685070 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.627693892 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.627701044 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.627722025 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.627729893 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.627763033 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.627770901 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.627863884 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.627871990 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.627880096 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.627942085 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.627948999 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.627955914 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.628026962 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.628035069 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.628041983 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.628048897 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.628053904 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.628061056 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.628144026 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.628151894 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.628154993 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.628163099 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.628170013 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.628176928 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.628247023 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.628254890 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.628262043 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.628268957 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.628287077 CEST | 49730 | 20131 | 192.168.2.4 | 144.172.122.232 |
Jul 2, 2024 09:22:03.628433943 CEST | 49730 | 20131 | 192.168.2.4 | 144.172.122.232 |
Jul 2, 2024 09:22:03.630017996 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.630147934 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.630156040 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.630158901 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.630167007 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.630175114 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.630207062 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.630215883 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.630304098 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.630311966 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.630319118 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.630326986 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.630335093 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.630342007 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.630352974 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.630359888 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.630362988 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.630407095 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.630414009 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.630420923 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.630435944 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.630501032 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.630512953 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.630521059 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.630558014 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.630565882 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.630615950 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.630623102 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.630630970 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.630637884 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.630646944 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.630661011 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.630667925 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.630964041 CEST | 49730 | 20131 | 192.168.2.4 | 144.172.122.232 |
Jul 2, 2024 09:22:03.631119013 CEST | 49730 | 20131 | 192.168.2.4 | 144.172.122.232 |
Jul 2, 2024 09:22:03.635435104 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.635443926 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.635453939 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.635531902 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.635540009 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.635549068 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.635606050 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.635613918 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.635621071 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.635631084 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.635638952 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.635698080 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.635706902 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.635714054 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.635726929 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.635735035 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.635749102 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.635785103 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.635829926 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.635838032 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.635921001 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.635929108 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.635955095 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.635994911 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.636002064 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.636010885 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.636040926 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.636096954 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.636106014 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.636109114 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.636123896 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.636131048 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.636195898 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.636204004 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.636214018 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.637981892 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.638040066 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Jul 2, 2024 09:22:03.638046980 CEST | 20131 | 49730 | 144.172.122.232 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Jul 2, 2024 09:22:12.746440887 CEST | 1.1.1.1 | 192.168.2.4 | 0xfd18 | No error (0) | | | 199.232.210.172 | A (IP address) | IN (0x0001) | false |
Jul 2, 2024 09:22:12.746440887 CEST | 1.1.1.1 | 192.168.2.4 | 0xfd18 | No error (0) | | | 199.232.214.172 | A (IP address) | IN (0x0001) | false |
Target ID: | 0 |
Start time: | 03:21:50 |
Start date: | 02/07/2024 |
Path: | C:\Users\user\Desktop\x4UbCbpqkP.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x9f0000 |
File size: | 292'864 bytes |
MD5 hash: | 187049E720E9545FC7C567F85EE870EC |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | true |
Execution Graph
Execution Coverage: | 13.7% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0% |
Total number of Nodes: | 106 |
Total number of Limit Nodes: | 17 |
Graph
Function 06DDCE68 Relevance: 14.9, Strings: 11, Instructions: 1163 COMMON
Function 06DD7580 Relevance: 6.6, Strings: 5, Instructions: 393 COMMON
Function 072484F8 Relevance: 5.5, Strings: 4, Instructions: 496 COMMON
Function 06DD5770 Relevance: 2.9, Strings: 2, Instructions: 364 COMMON
Function 06DD82C8 Relevance: .8, Instructions: 814 COMMON
Function 0724AF48 Relevance: .6, Instructions: 631 COMMON
Function 06DD0A10 Relevance: .4, Instructions: 426 COMMON
Function 06DD0040 Relevance: .4, Instructions: 363 COMMON
Function 06DD35A0 Relevance: .2, Instructions: 190 COMMON
Function 051BAE30 Relevance: 1.7, APIs: 1, Instructions: 195 COMMON
Function 051B4248 Relevance: 1.6, APIs: 1, Instructions: 96 COMMON
Function 051B5935 Relevance: 1.6, APIs: 1, Instructions: 96 COMMON
Function 051BA858 Relevance: 1.6, APIs: 1, Instructions: 77 library COMMON
Function 051BC9A0 Relevance: 1.6, APIs: 1, Instructions: 65 COMMON
Function 051BD2F9 Relevance: 1.6, APIs: 1, Instructions: 61 COMMON
Function 051BA870 Relevance: 1.6, APIs: 1, Instructions: 55 library COMMON
Function 06DDB110 Relevance: 1.6, APIs: 1, Instructions: 53 library COMMON
Function 06DDAB64 Relevance: 1.6, APIs: 1, Instructions: 53 library COMMON
Function 051BB2A0 Relevance: 1.6, APIs: 1, Instructions: 53 library COMMON
Function 051B9838 Relevance: 1.6, APIs: 1, Instructions: 50 COMMON
Function 07247EC8 Relevance: 1.5, APIs: 1, Instructions: 47 window COMMON
Function 0724A0A0 Relevance: 1.5, APIs: 1, Instructions: 46 window COMMON
Function 0122D3D8 Relevance: .1, Instructions: 75 COMMON
Function 0123D01C Relevance: .1, Instructions: 72 COMMON
Function 0123D006 Relevance: .1, Instructions: 63 COMMON
Function 0122D3D3 Relevance: .1, Instructions: 56 COMMON
Function 0122DA81 Relevance: .0, Instructions: 45 COMMON
Function 0122DA80 Relevance: .0, Instructions: 36 COMMON
Function 07240040 Relevance: 2.7, Strings: 2, Instructions: 219 COMMON
Function 07240006 Relevance: 1.4, Strings: 1, Instructions: 112 COMMON
Function 06DD1470 Relevance: .5, Instructions: 528 COMMON
Function 07246A19 Relevance: .3, Instructions: 270 COMMON
Function 07246A28 Relevance: .3, Instructions: 264 COMMON
Function 051BDC74 Relevance: .3, Instructions: 264 COMMON
Function 06DD2778 Relevance: .2, Instructions: 232 COMMON
Function 06DD1E2F Relevance: .2, Instructions: 215 COMMON
Function 06DD1E68 Relevance: .2, Instructions: 198 COMMON
Function 072484F5 Relevance: .1, Instructions: 143 COMMON
Function 06DD1462 Relevance: .1, Instructions: 136 COMMON
Function 06DD2768 Relevance: .1, Instructions: 97 COMMON