Windows
Analysis Report
file.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- file.exe (PID: 6760 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 75A2D212A591A83A4D0C88A92B390B88)
- RegAsm.exe (PID: 4832 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
- RegAsm.exe (PID: 5780 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
- WerFault.exe (PID: 2408 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6760 -s 304 MD5: C31336C1EFC2CCB44B4326EA793040F2)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
RedLine Stealer | RedLine Stealer is a malware available on underground forums for sale apparently as standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer. | No Attribution |
{"C2 url": "77.105.135.107:3445", "Bot Id": "LogsDiller Cloud (TG: @logsdillabot)", "Authorization Header": "3a050df92d0cf082b2cdaf87863616be"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_RedLine_1 | Yara detected RedLine Stealer | Joe Security | ||
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
Timestamp | SID | Source Port | Destination Port | Protocol | Classtype |
---|---|---|---|---|---|
07/02/24-12:24:00.932845 | 2046045 | 49704 | 3445 | TCP | A Network Trojan was detected |
07/02/24-12:24:06.375739 | 2046056 | 3445 | 49704 | TCP | A Network Trojan was detected |
07/02/24-12:24:01.127422 | 2043234 | 3445 | 49704 | TCP | A Network Trojan was detected |
07/02/24-12:24:13.135257 | 2043231 | 49704 | 3445 | TCP | A Network Trojan was detected |
AV Detection |
---|
Source: | Malware Configuration Extractor: |
Source: | ReversingLabs: |
Source: | Integrated Neural Analysis Model: |
Source: | Joe Sandbox ML: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Code function: | 0_2_00B92DA6 | |
Source: | Code function: | 0_2_00B93193 |
Networking |
---|
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: |
Source: | URLs: |
Source: | TCP traffic: |
Source: | ASN Name: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | String found in binary or memory: | ||
Source: | Code function: | 0_2_00B9A02C | |
Source: | Code function: | 0_2_00B6E1A4 | |
Source: | Code function: | 0_2_00B6C2C6 | |
Source: | Code function: | 0_2_00B8C310 | |
Source: | Code function: | 0_2_00B825A5 | |
Source: | Code function: | 0_2_00B6E5C5 | |
Source: | Code function: | 0_2_00B6C60E | |
Source: | Code function: | 0_2_00B7C99E | |
Source: | Code function: | 0_2_00B6E9F5 | |
Source: | Code function: | 0_2_00B8A9F5 | |
Source: | Code function: | 0_2_00B6C965 | |
Source: | Code function: | 0_2_00B6CCAD | |
Source: | Code function: | 0_2_00B98CF7 | |
Source: | Code function: | 0_2_00B4EC30 | |
Source: | Code function: | 0_2_00B6D03B | |
Source: | Code function: | 0_2_00B6D3D8 | |
Source: | Code function: | 0_2_00B7F4F0 | |
Source: | Code function: | 0_2_00B7D471 | |
Source: | Code function: | 0_2_00B31560 | |
Source: | Code function: | 0_2_00B23780 | |
Source: | Code function: | 0_2_00B6D766 | |
Source: | Code function: | 0_2_00BA78B0 | |
Source: | Code function: | 0_2_00B6DACB | |
Source: | Code function: | 0_2_00B7FA20 | |
Source: | Code function: | 0_2_00B6DE3F | |
Source: | Code function: | 0_2_00B7FE60 | |
Source: | Code function: | 0_2_00B53FF4 | |
Source: | Code function: | 2_2_02BADC74 |
Source: | Process created: |
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Source: | Key opened: | Jump to behavior |
Source: | ReversingLabs: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Code function: | 0_2_00B4C790 | |
Source: | Code function: | 0_2_00B4D1C3 |
Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion |
---|
Source: | WMI Queries: |
Source: | WMI Queries: |
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | API coverage: |
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | WMI Queries: |
Source: | Code function: | 0_2_00B92DA6 | |
Source: | Code function: | 0_2_00B93193 |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Process information queried: | Jump to behavior |
Source: | Code function: | 0_2_00B927AA |
Source: | Code function: | 0_2_00B8A697 | |
Source: | Code function: | 0_2_00B8A4F0 | |
Source: | Code function: | 0_2_00B8A5D1 | |
Source: | Code function: | 0_2_00B8A533 | |
Source: | Code function: | 0_2_00B8A576 | |
Source: | Code function: | 0_2_00B8A6DB | |
Source: | Code function: | 0_2_00B8A71F | |
Source: | Code function: | 0_2_00B8A750 | |
Source: | Code function: | 0_2_00B857E9 |
Source: | Process token adjusted: | Jump to behavior |
Source: | Code function: | 0_2_00B769E1 | |
Source: | Code function: | 0_2_00B4CEFF | |
Source: | Code function: | 0_2_00B4D08F | |
Source: | Code function: | 0_2_00B4D1C4 |
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Memory allocated: | Jump to behavior |
Source: | Code function: | 0_2_007E018D |
Source: | Memory written: | Jump to behavior |
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Code function: | 0_2_00B4CBC5 |
Source: | Code function: | 0_2_00B88682 | |
Source: | Code function: | 0_2_00B88813 | |
Source: | Code function: | 0_2_00B2E9BF | |
Source: | Code function: | 0_2_00B96F68 | |
Source: | Code function: | 0_2_00B8913F | |
Source: | Code function: | 0_2_00B97163 | |
Source: | Code function: | 0_2_00B9720A | |
Source: | Code function: | 0_2_00B97273 | |
Source: | Code function: | 0_2_00B97399 | |
Source: | Code function: | 0_2_00B9730E | |
Source: | Code function: | 0_2_00B975EC | |
Source: | Code function: | 0_2_00B97715 | |
Source: | Code function: | 0_2_00B978EA | |
Source: | Code function: | 0_2_00B4B82A | |
Source: | Code function: | 0_2_00B9781B |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Code function: | 0_2_00B4CDD4 |
Source: | Code function: | 0_2_00B92078 |
Source: | Key value queried: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | WMI Queries: | ||
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File opened: | Jump to behavior | ||
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 221 Windows Management Instrumentation | 1 DLL Side-Loading | 411 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 241 Security Software Discovery | Remote Desktop Protocol | 2 Data from Local System | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 241 Virtualization/Sandbox Evasion | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 411 Process Injection | NTDS | 241 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Obfuscated Files or Information | Cached Domain Credentials | 1 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | 134 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
61% | ReversingLabs | Win32.Trojan.LummaC | ||
100% | Joe Sandbox ML |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
77.105.135.107 | unknown | Russian Federation | 42031 | PLUSTELECOM-ASRU | true |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1466011 |
Start date and time: | 2024-07-02 12:23:07 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 30s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes: | 10 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | file.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@6/6@0/1 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 13.89.179.12
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, login.live.com, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, onedsblobprdcus17.centralus.cloudapp.azure.com, fe3cr.delivery.mp.microsoft.com
- Report size getting too big, too many NtAllocateVirtualMemory calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
Time | Type | Description |
---|---|---|
06:24:09 | API Interceptor | |
06:24:19 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
77.105.135.107 | Get hash | malicious | RedLine | Browse | ||
Get hash | malicious | LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, Xmrig | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
PLUSTELECOM-ASRU | Get hash | malicious | Unknown | Browse |
Get hash | malicious | RedLine | Browse |
Get hash | malicious | LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, Xmrig | Browse |
Get hash | malicious | LummaC, PureLog Stealer, RisePro Stealer, Vidar, zgRAT | Browse |
Get hash | malicious | LummaC Stealer, Mars Stealer, PrivateLoader, PureLog Stealer, Socks5Systemz, Stealc, Vidar | Browse |
Get hash | malicious | LummaC, Mars Stealer, PureLog Stealer, Stealc, Vidar, Xmrig, zgRAT | Browse |
Get hash | malicious | Meduza Stealer | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | PrivateLoader, PureLog Stealer | Browse |
Get hash | malicious | Mirai | Browse |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_bcb8debaf6c6e3eea7b81188b2bf0e7b56e59ac_910c98a4_d3d94960-ed1e-43ed-9c25-2307c05e8a8c\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.7035913923344724 |
Encrypted: | false |
SSDEEP: | 192:l80sL80hvDPlYt10c2i0E3jGGzuiFoZ24IO8ThB:EoYDNuWc2iHjHzuiFoY4IO8r |
MD5: | 908D91EAE7667EDEBC4EB1AA3E324706 |
SHA1: | 8EDFAF356741BFC08B12D201553E100CB4DDE455 |
SHA-256: | EFA94F07F7E13B9269EA2F423F9C88E43394DEBC276842CEB144041E476A0FC9 |
SHA-512: | 57D0D29B27D603E110BDF79DAB6F45A687C80DE97B1C252BD47B73A78BE10ABBDD9638854883C7CCB261B3A13E57F92E09A23E302342EC6259D65BD02C116728 |
Malicious: | true |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 53610 |
Entropy (8bit): | 1.750063043524919 |
Encrypted: | false |
SSDEEP: | 192:d7uuxOrtONWclRDScvUTC7hEAIDSgKUrmMk:tOcNdlbumEhDSghu |
MD5: | 76B6791DBE9E8A6ACD9F78F7752AF7B5 |
SHA1: | ABFEA324F5112634C5670CD19EC3C6D9B54FA25E |
SHA-256: | B2B9BF7959FECBE863737E55FB655E1A5A976A171CC93BD6AB03181A57FAEF51 |
SHA-512: | 7561B74C39D91F300F7D233288BA61E00E7BD9041E4F44C539F2255F3F36B144538BAD633818C5353D6328EFA4BFFC10848E32C3BDF7184721B71363686D98F4 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8260 |
Entropy (8bit): | 3.6893410183633355 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJ9Cw6gu6YEIQSUuFegmfByXIupDT89bB3sflRrm:R6lXJ/6R6YE/SUQegmfwiB8f2 |
MD5: | F5E798B681E4C628181B800FC9704E6D |
SHA1: | BD6571FEDB63ABF72A011E6C7AD0C6A54885DB63 |
SHA-256: | 1F69C11C9E2778D88DAE207EE7AA245E0DB89D7340CE213704CD2EDB3C5E5F9C |
SHA-512: | 3E99B146DDB80BE64167FFD1F55BD1B12C53027D6ED26379ED9C93DFF7E8679CA027FE0E20BD55FF76FEFDEBFA6E214DEF75F7CFE99477FB21AEC6D4EC915A6E |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4537 |
Entropy (8bit): | 4.428220343552774 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zstJg77aI9w7WpW8VY/Ym8M4J94FI+q8K5+S8iEd:uIjfHI7eK7VrJvJ+SBEd |
MD5: | 567AA4A24C8E70FABCEA5A0CF8DDFF6D |
SHA1: | 1622F4F031A90E1D9E733FD8CF51DE53E8A883B5 |
SHA-256: | 9F44FEC3ED221F218C31988E5DCFD416B8578DF0C4EDD6638E9D4B965C26F78C |
SHA-512: | 6BD2FDF10FEA45E9FF6DC69649E2997DC50433F70F947723C76D2DB184C747B675CA89B184C12FA6476208745C8784E13A6F4BDC965C0B7D2C7AB930FE99C5F3 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3094 |
Entropy (8bit): | 5.33145931749415 |
Encrypted: | false |
SSDEEP: | 96:Pq5qHwCYqh3oPtI6eqzxP0aymTqdqlq7qqjqcEZ5D:Pq5qHwCYqh3qtI6eqzxP0atTqdqlq7qV |
MD5: | 3FD5C0634443FB2EF2796B9636159CB6 |
SHA1: | 366DDE94AEFCFFFAB8E03AD8B448E05D7489EB48 |
SHA-256: | 58307E94C67E2348F5A838DE4FF668983B38B7E9A3B1D61535D3A392814A57D6 |
SHA-512: | 8535E7C0777C6B0876936D84BDE2BDC59963CF0954D4E50D65808E6E806E8B131DF5DB8FA0E030FAE2702143A7C3A70698A2B9A80519C9E2FFC286A71F0B797C |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1835008 |
Entropy (8bit): | 4.421337681964193 |
Encrypted: | false |
SSDEEP: | 6144:cSvfpi6ceLP/9skLmb0OTSWSPHaJG8nAgeMZMMhA2fX4WABlEnN20uhiTw:HvloTSW+EZMM6DFy403w |
MD5: | 9095D7BE8EE38E60A3035D1230F8E7ED |
SHA1: | 1002CA5F350D708E58F79C2CF94A554B59CB0A71 |
SHA-256: | 114F972DC86C3370526EC29284AE50B7A9AEAA76C59867CB3CC603E60433A1C4 |
SHA-512: | 48A9F8CD5C561A3FDB0A9577182F1E61D0C7065648F9F3BD4521B1916DE199C4845B38CEB4697E1FBAF66CE863C0B40D13E5FAAE1B36616DBBC7F8A1B2D24535 |
Malicious: | false |
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 7.29740036425901 |
TrID: |
|
File name: | file.exe |
File size: | 957'440 bytes |
MD5: | 75a2d212a591a83a4d0c88a92b390b88 |
SHA1: | 8f69b79a0d6bc6b4def35b38ec46d15e6eb1c1d9 |
SHA256: | cf47a943ec0eb86c16a8d7e6e0ad8c4bfb6063af089e1b3809ed44ac45347e71 |
SHA512: | e7242ef4042f96743a6f999bee1a5ee93a88a6aa83385a28d2b868bd2c2f6734c0bc9192059e5a7862cff747a4dee8a16e9ac10cb659cbd2f05a4a040dd05a47 |
SSDEEP: | 24576:j+qodQCtw8QEZWBiMUp736I5Zqi7P2XZtXtW/Di:iw8QEZWBTXSZqiz2XvXQm |
TLSH: | D715CE1135C08036D67320320AA9FAB99AFEF4341B2966CF17D85A7E9F346C15B3526F |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........x...+...+...+z..*...+z..*...+z..*...+k\.*...+k\.*...+z..*...+...+)..+k\.*...+Z_.*...+Z_.*...+Z_.*...+Rich...+............... |
Icon Hash: | 00928e8e8686b000 |
Entrypoint: | 0x42c381 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x66826F1E [Mon Jul 1 08:55:58 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | 56baef533a2c1ed14f3f4ef31918aea1 |
Instruction |
---|
call 00007F05A4B2DA00h |
jmp 00007F05A4B2CD7Ch |
cmp ecx, dword ptr [0049A040h] |
jne 00007F05A4B2CF63h |
ret |
jmp 00007F05A4B2DDB8h |
jmp 00007F05A4B2E09Dh |
push ebp |
mov ebp, esp |
jmp 00007F05A4B2CF6Fh |
push dword ptr [ebp+08h] |
call 00007F05A4B6879Eh |
pop ecx |
test eax, eax |
je 00007F05A4B2CF71h |
push dword ptr [ebp+08h] |
call 00007F05A4B5948Eh |
pop ecx |
test eax, eax |
je 00007F05A4B2CF48h |
pop ebp |
ret |
cmp dword ptr [ebp+08h], FFFFFFFFh |
je 00007F05A4B2E095h |
jmp 00007F05A4B2E072h |
push ebp |
mov ebp, esp |
push dword ptr [ebp+08h] |
call 00007F05A4B2E062h |
pop ecx |
pop ebp |
ret |
mov dword ptr [ecx], 0048A520h |
ret |
push ebp |
mov ebp, esp |
test byte ptr [ebp+08h], 00000001h |
push esi |
mov esi, ecx |
mov dword ptr [esi], 0048A520h |
je 00007F05A4B2CF6Ch |
push 0000000Ch |
push esi |
call 00007F05A4B2CF36h |
pop ecx |
pop ecx |
mov eax, esi |
pop esi |
pop ebp |
retn 0004h |
push ebp |
mov ebp, esp |
mov eax, dword ptr [ebp+08h] |
push esi |
mov ecx, dword ptr [eax+3Ch] |
add ecx, eax |
movzx eax, word ptr [ecx+14h] |
lea edx, dword ptr [ecx+18h] |
add edx, eax |
movzx eax, word ptr [ecx+06h] |
imul esi, eax, 28h |
add esi, edx |
cmp edx, esi |
je 00007F05A4B2CF7Bh |
mov ecx, dword ptr [ebp+0Ch] |
cmp ecx, dword ptr [edx+0Ch] |
jc 00007F05A4B2CF6Ch |
mov eax, dword ptr [edx+08h] |
add eax, dword ptr [edx+0Ch] |
cmp ecx, eax |
jc 00007F05A4B2CF6Eh |
add edx, 28h |
cmp edx, esi |
jne 00007F05A4B2CF4Ch |
xor eax, eax |
pop esi |
pop ebp |
ret |
mov eax, edx |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x98d80 | 0x48 | .rdata |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x98dc8 | 0x50 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xe9000 | 0x4ac8 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x929a0 | 0x54 | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x928e0 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x88000 | 0x20c | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x85607 | 0x85800 | d4a3e4e2547dac4975d39086e7139986 | False | 0.4124166081460674 | data | 6.668988034436214 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.bss | 0x87000 | 0xf7d | 0x1000 | 878c09940a226a834c3659a4a01175c6 | False | 0.63134765625 | data | 6.367281353368697 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x88000 | 0x11a34 | 0x11c00 | 8d317fc0445d9e97e892000dec205388 | False | 0.375426386443662 | data | 4.84980486267065 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x9a000 | 0x4e080 | 0x4c800 | 0e891f069ac6bc33dc2180dbb40af6b5 | False | 0.9814006331699346 | data | 7.987547215279856 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.reloc | 0xe9000 | 0x4ac8 | 0x4c00 | 25fdceee7c26fa23b595325521337834 | False | 0.7338096217105263 | data | 6.612335437064259 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
DLL | Import |
---|---|
GDI32.dll | SetPixel |
USER32.dll | OffsetRect, ReleaseDC, GetDC |
KERNEL32.dll | CreateFileW, HeapSize, GetProcessHeap, SetStdHandle, VirtualAlloc, WaitForSingleObject, GetModuleHandleA, CreateThread, GetProcAddress, FormatMessageA, WideCharToMultiByte, GetCurrentThreadId, CloseHandle, WaitForSingleObjectEx, Sleep, SwitchToThread, GetExitCodeThread, GetNativeSystemInfo, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionEx, DeleteCriticalSection, EncodePointer, DecodePointer, LocalFree, GetLocaleInfoEx, MultiByteToWideChar, LCMapStringEx, ReleaseSRWLockExclusive, AcquireSRWLockExclusive, TryAcquireSRWLockExclusive, WakeConditionVariable, WakeAllConditionVariable, SleepConditionVariableSRW, QueryPerformanceCounter, QueryPerformanceFrequency, SetFileInformationByHandle, GetTempPathW, InitOnceExecuteOnce, CreateEventExW, CreateSemaphoreExW, FlushProcessWriteBuffers, GetCurrentProcessorNumber, GetSystemTimeAsFileTime, GetTickCount64, FreeLibraryWhenCallbackReturns, CreateThreadpoolTimer, SetThreadpoolTimer, WaitForThreadpoolTimerCallbacks, CloseThreadpoolTimer, CreateThreadpoolWait, SetThreadpoolWait, CloseThreadpoolWait, GetModuleHandleW, GetFileInformationByHandleEx, CreateSymbolicLinkW, GetStringTypeW, CompareStringEx, GetCPInfo, IsProcessorFeaturePresent, GetCurrentProcessId, InitializeSListHead, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, GetCurrentProcess, TerminateProcess, SetEnvironmentVariableW, RaiseException, RtlUnwind, InterlockedPushEntrySList, InterlockedFlushSList, GetLastError, SetLastError, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, LoadLibraryExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetModuleHandleExW, GetStdHandle, WriteFile, GetModuleFileNameW, ExitProcess, GetCommandLineA, GetCommandLineW, HeapAlloc, HeapFree, GetDateFormatW, GetTimeFormatW, CompareStringW, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, GetFileType, GetCurrentThread, SetConsoleCtrlHandler, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode, ReadFile, GetFileSizeEx, SetFilePointerEx, ReadConsoleW, HeapReAlloc, GetTimeZoneInformation, OutputDebugStringW, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetEnvironmentStringsW, FreeEnvironmentStringsW, WriteConsoleW |
Name | Ordinal | Address |
---|---|---|
AwakeSound | 1 | 0x487d10 |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
07/02/24-12:24:00.932845 | TCP | 2046045 | ET TROJAN [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) | 49704 | 3445 | 192.168.2.5 | 77.105.135.107 |
07/02/24-12:24:06.375739 | TCP | 2046056 | ET TROJAN Redline Stealer/MetaStealer Family Activity (Response) | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
07/02/24-12:24:01.127422 | TCP | 2043234 | ET MALWARE Redline Stealer TCP CnC - Id1Response | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
07/02/24-12:24:13.135257 | TCP | 2043231 | ET TROJAN Redline Stealer TCP CnC Activity | 49704 | 3445 | 192.168.2.5 | 77.105.135.107 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jul 2, 2024 12:24:00.230401039 CEST | 49704 | 3445 | 192.168.2.5 | 77.105.135.107 |
Jul 2, 2024 12:24:00.235276937 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:00.235403061 CEST | 49704 | 3445 | 192.168.2.5 | 77.105.135.107 |
Jul 2, 2024 12:24:00.255548954 CEST | 49704 | 3445 | 192.168.2.5 | 77.105.135.107 |
Jul 2, 2024 12:24:00.260399103 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:00.894330978 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:00.932845116 CEST | 49704 | 3445 | 192.168.2.5 | 77.105.135.107 |
Jul 2, 2024 12:24:00.938674927 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.257232904 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.257236958 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.257350922 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.257354975 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.257364988 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.257368088 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.257376909 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.257381916 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.257446051 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.257450104 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.257453918 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.257457018 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.257466078 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.257469893 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.257477999 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.257482052 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.257492065 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.257496119 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.257577896 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.257616043 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.257687092 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.257692099 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.257826090 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.257868052 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.258363962 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.258649111 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.258773088 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.258776903 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.258785963 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.258789062 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.258793116 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.258796930 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.258894920 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.258899927 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.258908987 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.258912086 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.258915901 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.258924007 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.259048939 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.259052992 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.259057045 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.259191990 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.259196043 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.259203911 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.259207964 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.259959936 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.260122061 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.260126114 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.260247946 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.260256052 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.260260105 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.260262966 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.260267019 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.260376930 CEST | 49704 | 3445 | 192.168.2.5 | 77.105.135.107 |
Jul 2, 2024 12:24:10.260382891 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.260394096 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.260397911 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.260401011 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.260405064 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.260447025 CEST | 49704 | 3445 | 192.168.2.5 | 77.105.135.107 |
Jul 2, 2024 12:24:10.260490894 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.260500908 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.260504961 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.260602951 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.260607958 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.260616064 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.260620117 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.260623932 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.260627985 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.260636091 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.260639906 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.260648966 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.260652065 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.260656118 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.260658979 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.260669947 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.260679007 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.260683060 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.260687113 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.260694981 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.260698080 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.260708094 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.260760069 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.260762930 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.260970116 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.261040926 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.261044025 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.261053085 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.261199951 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.261204004 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.261212111 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.261363029 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.261367083 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.261375904 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.261507034 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.261511087 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.261646986 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.261651039 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.261660099 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.261662960 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.261811972 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.261815071 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.262017965 CEST | 49704 | 3445 | 192.168.2.5 | 77.105.135.107 |
Jul 2, 2024 12:24:10.262093067 CEST | 49704 | 3445 | 192.168.2.5 | 77.105.135.107 |
Jul 2, 2024 12:24:10.265429974 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.265588045 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.265732050 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.265873909 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.265878916 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.265882969 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.266026020 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.266030073 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.266181946 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.266185999 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.266304016 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.266308069 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.266393900 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.266397953 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.266407013 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.266411066 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.266415119 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.266427994 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.266432047 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.266436100 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.266438961 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.266448021 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.266499996 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.266503096 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.266954899 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.266958952 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.266968012 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.266972065 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.267102003 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.267106056 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.267195940 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.267199993 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.267208099 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.267211914 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.267345905 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.267349958 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.267473936 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.267477989 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.267487049 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.267616987 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.267620087 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.267752886 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.267756939 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.267765999 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.267770052 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.267779112 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.267894030 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.267898083 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.268034935 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.268039942 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.268043041 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.268047094 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.268203974 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.268213987 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.268362999 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.268364906 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.268369913 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.268369913 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.268395901 CEST | 49704 | 3445 | 192.168.2.5 | 77.105.135.107 |
Jul 2, 2024 12:24:10.268496990 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.268501043 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.312429905 CEST | 49704 | 3445 | 192.168.2.5 | 77.105.135.107 |
Jul 2, 2024 12:24:10.315623999 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:10.317266941 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:11.046212912 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:11.093744040 CEST | 49704 | 3445 | 192.168.2.5 | 77.105.135.107 |
Jul 2, 2024 12:24:11.686405897 CEST | 49704 | 3445 | 192.168.2.5 | 77.105.135.107 |
Jul 2, 2024 12:24:11.766676903 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:11.955912113 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:11.958069086 CEST | 49704 | 3445 | 192.168.2.5 | 77.105.135.107 |
Jul 2, 2024 12:24:11.962913036 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:12.151259899 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:12.203001022 CEST | 49704 | 3445 | 192.168.2.5 | 77.105.135.107 |
Jul 2, 2024 12:24:12.254447937 CEST | 49704 | 3445 | 192.168.2.5 | 77.105.135.107 |
Jul 2, 2024 12:24:12.259414911 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:12.741806030 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:12.742546082 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:12.742749929 CEST | 49704 | 3445 | 192.168.2.5 | 77.105.135.107 |
Jul 2, 2024 12:24:12.744905949 CEST | 49704 | 3445 | 192.168.2.5 | 77.105.135.107 |
Jul 2, 2024 12:24:12.751638889 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:12.940397024 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:12.940872908 CEST | 49704 | 3445 | 192.168.2.5 | 77.105.135.107 |
Jul 2, 2024 12:24:12.945643902 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:13.134162903 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:13.135257006 CEST | 49704 | 3445 | 192.168.2.5 | 77.105.135.107 |
Jul 2, 2024 12:24:13.140166044 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:13.343828917 CEST | 3445 | 49704 | 77.105.135.107 | 192.168.2.5 |
Jul 2, 2024 12:24:13.376147032 CEST | 49704 | 3445 | 192.168.2.5 | 77.105.135.107 |
Target ID: | 0 |
Start time: | 06:23:56 |
Start date: | 02/07/2024 |
Path: | C:\Users\user\Desktop\file.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xb20000 |
File size: | 957'440 bytes |
MD5 hash: | 75A2D212A591A83A4D0C88A92B390B88 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 1 |
Start time: | 06:23:57 |
Start date: | 02/07/2024 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x280000 |
File size: | 65'440 bytes |
MD5 hash: | 0D5DF43AF2916F47D00C1573797C1A13 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 2 |
Start time: | 06:23:57 |
Start date: | 02/07/2024 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xa00000 |
File size: | 65'440 bytes |
MD5 hash: | 0D5DF43AF2916F47D00C1573797C1A13 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
Has exited: | true |
Target ID: | 6 |
Start time: | 06:23:57 |
Start date: | 02/07/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x340000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Execution Graph
Execution Coverage: | 0.7% |
Dynamic/Decrypted Code Coverage: | 2.5% |
Signature Coverage: | 17.5% |
Total number of Nodes: | 325 |
Total number of Limit Nodes: | 6 |
Graph
Function 007E018D Relevance: 44.0, APIs: 11, Strings: 14, Instructions: 282 | thread, injection, memory, COMMON
Function 00BA78B0 Relevance: 4.8, APIs: 1, Strings: 2, Instructions: 311 | memory, COMMON
Function 00B8A697 Relevance: .0, Instructions: 29 | COMMON
Function 00BA7E40 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 68 | libraryloader, COMMON
Function 00B88BB9 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74 | COMMON, LIBRARYCODE
Function 00B4C198 Relevance: 7.6, APIs: 5, Instructions: 119 | COMMON
Function 00BA7D20 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 79 | thread, COMMON
Function 00B5AEDA Relevance: 4.6, APIs: 3, Instructions: 51 | thread, COMMON, LIBRARYCODE
Function 00B5AC21 Relevance: 3.0, APIs: 2, Instructions: 38 | thread, COMMON
Function 00BA7AF0 Relevance: 1.3, APIs: 1, Instructions: 89 | memory, COMMON
Function 00B53FF4 Relevance: 46.7, APIs: 25, Strings: 1, Instructions: 1201 | COMMON, LIBRARYCODE
Function 00B9A02C Relevance: 10.2, APIs: 1, Strings: 4, Instructions: 1436 | COMMON, LIBRARYCODE
Function 00B97715 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85 | COMMON, LIBRARYCODE
Function 00B96F68 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 251 | COMMON, LIBRARYCODE
Function 00B93193 Relevance: 6.1, APIs: 4, Instructions: 129 | file, COMMON
Function 00B4CEFF Relevance: 6.1, APIs: 4, Instructions: 70 | COMMON
Function 00B2E9BF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32 | window, COMMON
Function 00B97399 Relevance: 4.7, APIs: 3, Instructions: 205 | COMMON
Function 00B23780 Relevance: 3.0, Strings: 2, Instructions: 463 | COMMON
Function 00B98CF7 Relevance: 2.8, APIs: 1, Instructions: 1260 | COMMON
Function 00B92DA6 Relevance: 1.7, APIs: 1, Instructions: 194 | COMMON
Function 00B4CBC5 Relevance: 1.6, APIs: 1, Instructions: 147 | COMMON
Function 00B6E5C5 Relevance: 1.6, Strings: 1, Instructions: 392 | COMMON
Function 00B6E1A4 Relevance: 1.6, Strings: 1, Instructions: 388 | COMMON
Function 00B6E9F5 Relevance: 1.6, Strings: 1, Instructions: 388 | COMMON
Function 00B6D03B Relevance: 1.6, Strings: 1, Instructions: 348 | COMMON
Function 00B975EC Relevance: 1.6, APIs: 1, Instructions: 83 | COMMON
Function 00B6DACB Relevance: 1.6, Strings: 1, Instructions: 326 | COMMON
Function 00B6D766 Relevance: 1.6, Strings: 1, Instructions: 322 | COMMON
Function 00B6DE3F Relevance: 1.6, Strings: 1, Instructions: 322 | COMMON
Function 00B6C60E Relevance: 1.6, Strings: 1, Instructions: 318 | COMMON
Function 00B6C2C6 Relevance: 1.6, Strings: 1, Instructions: 314 | COMMON
Function 00B6C965 Relevance: 1.6, Strings: 1, Instructions: 314 | COMMON
Function 00B927AA Relevance: 1.6, APIs: 1, Instructions: 50 | COMMON
Function 00B9781B Relevance: 1.5, APIs: 1, Instructions: 45 | COMMON
Function 00B97163 Relevance: 1.5, APIs: 1, Instructions: 43 | COMMON
Function 00B88813 Relevance: 1.5, APIs: 1, Instructions: 14 | COMMON
Function 00B4D08F Relevance: 1.5, APIs: 1, Instructions: 3 | COMMON
Function 00B825A5 Relevance: .7, Instructions: 655 | COMMON, LIBRARYCODE
Function 00B7C99E Relevance: .5, Instructions: 481 | COMMON
Function 00B7FE60 Relevance: .4, Instructions: 386 | COMMON
Function 00B31560 Relevance: .3, Instructions: 278 | COMMON
Function 00B7FA20 Relevance: .3, Instructions: 259 | COMMON
Function 00B7D471 Relevance: .2, Instructions: 158 | COMMON
Function 00B4EC30 Relevance: .1, Instructions: 76 | COMMON
Function 00B8A750 Relevance: .0, Instructions: 40 | COMMON
Function 00B8A576 Relevance: .0, Instructions: 38 | COMMON
Function 00B8A6DB Relevance: .0, Instructions: 29 | COMMON
Function 00B8A4F0 Relevance: .0, Instructions: 26 | COMMON
Function 00B8A533 Relevance: .0, Instructions: 26 | COMMON
Function 00B8A71F Relevance: .0, Instructions: 22 | COMMON, LIBRARYCODE
Function 00B8A5D1 Relevance: .0, Instructions: 18 | COMMON
Function 00B857E9 Relevance: .0, Instructions: 12 | COMMON, LIBRARYCODE
Function 00B259F0 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 136COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00B25F80 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 133COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00B59C94 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 185COMMONLIBRARYCODE
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00B27230 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 120COMMONLIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00B4B4B8 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 19 library loader COMMON
Function 00B522D6 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 303 COMMON LIBRARYCODE
Function 00B8FA7C Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 298 COMMON LIBRARYCODE
Function 00B3E3E0 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 73 COMMON LIBRARYCODE
Function 00B27AB0 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 104 COMMON LIBRARYCODE
Function 00B3E307 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 78 COMMON LIBRARYCODE
Function 00B3E140 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 73 COMMON LIBRARYCODE
Function 00B8580B Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42 library loader COMMON LIBRARYCODE
Function 00B88D7D Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 35 library COMMON
Function 00B2EDB2 Relevance: 7.6, APIs: 5, Instructions: 116 thread COMMON LIBRARYCODE
Function 00B81EAE Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 369 COMMON LIBRARYCODE
Function 00B3E075 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 73 COMMON LIBRARYCODE
Function 00B48EF9 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 73 COMMON LIBRARYCODE
Function 00B5A5F6 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27 library COMMON LIBRARYCODE
Function 00B2E884 Relevance: 6.1, APIs: 4, Instructions: 88 COMMON
Function 00B9298E Relevance: 6.1, APIs: 4, Instructions: 82 COMMON
Function 00B9463F Relevance: 6.1, APIs: 4, Instructions: 74 COMMON
Function 00B5AE4C Relevance: 6.1, APIs: 4, Instructions: 55 thread COMMON
Function 00B90129 Relevance: 6.1, APIs: 4, Instructions: 54 COMMON
Function 00BA039B Relevance: 6.0, APIs: 4, Instructions: 32 COMMON
Function 00B5267B Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112 COMMON LIBRARYCODE
Function 00B56D19 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 71 COMMON LIBRARYCODE
Function 00B22070 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43 COMMON LIBRARYCODE
Execution Graph
Execution Coverage: | 7.7% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0% |
Total number of Nodes: | 52 |
Total number of Limit Nodes: | 7 |
Function 02BAAE30 Relevance: 1.7, APIs: 1, Instructions: 206 COMMON
Function 02BA5935 Relevance: 1.6, APIs: 1, Instructions: 97 COMMON
Function 02BA4248 Relevance: 1.6, APIs: 1, Instructions: 96 COMMON
Function 02BAA858 Relevance: 1.6, APIs: 1, Instructions: 77 library COMMON
Function 02BAC9A0 Relevance: 1.6, APIs: 1, Instructions: 65 COMMON
Function 02BAD2F9 Relevance: 1.6, APIs: 1, Instructions: 61 COMMON
Function 02BAA870 Relevance: 1.6, APIs: 1, Instructions: 55 library COMMON
Function 02BAB2A0 Relevance: 1.6, APIs: 1, Instructions: 55 library COMMON
Function 02BAB020 Relevance: 1.5, APIs: 1, Instructions: 47 COMMON
Function 00FAD3D8 Relevance: .1, Instructions: 75 COMMON
Function 0100D01C Relevance: .1, Instructions: 72 COMMON
Function 00FAD3D3 Relevance: .1, Instructions: 56 COMMON
Function 0100D017 Relevance: .1, Instructions: 53 COMMON
Function 00FADA51 Relevance: .0, Instructions: 45 COMMON
Function 00FADA50 Relevance: .0, Instructions: 36 COMMON