Windows
Analysis Report
file.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- file.exe (PID: 6724 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 5D505724B7A084217D7DB6B2710D8613)
- RegAsm.exe (PID: 6804 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
- WerFault.exe (PID: 7048 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6724 -s 312 MD5: C31336C1EFC2CCB44B4326EA793040F2)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
RedLine Stealer | RedLine Stealer is a malware available on underground forums for sale apparently as standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer. | No Attribution |
{"C2 url": "77.105.135.107:3445", "Bot Id": "LogsDiller Cloud (TG: @logsdillabot)", "Authorization Header": "3a050df92d0cf082b2cdaf87863616be"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_RedLine_1 | Yara detected RedLine Stealer | Joe Security | ||
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
Timestamp | SID | Source Port | Destination Port | Protocol | Classtype |
---|---|---|---|---|---|
07/02/24-17:18:57.592984 | 2046045 | 49731 | 3445 | TCP | A Network Trojan was detected |
07/02/24-17:18:57.785662 | 2043234 | 3445 | 49731 | TCP | A Network Trojan was detected |
07/02/24-17:19:08.955501 | 2043231 | 49731 | 3445 | TCP | A Network Trojan was detected |
07/02/24-17:19:03.098044 | 2046056 | 3445 | 49731 | TCP | A Network Trojan was detected |
AV Detection |
---|
Source: | Malware Configuration Extractor: |
Source: | ReversingLabs: |
Source: | Integrated Neural Analysis Model: |
Source: | Joe Sandbox ML: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Code function: | 0_2_00152EFA | |
Source: | Code function: | 0_2_0015317F |
Networking |
---|
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: |
Source: | URLs: |
Source: | TCP traffic: |
Source: | ASN Name: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | String found in binary or memory: |
Source: | Code function: | 0_2_0015A00C | |
Source: | Code function: | 0_2_0012E184 | |
Source: | Code function: | 0_2_0012C2A6 | |
Source: | Code function: | 0_2_0014C2FF | |
Source: | Code function: | 0_2_00142595 | |
Source: | Code function: | 0_2_0012E5A5 | |
Source: | Code function: | 0_2_0012C5EE | |
Source: | Code function: | 0_2_0012C945 | |
Source: | Code function: | 0_2_0013C98E | |
Source: | Code function: | 0_2_0012E9D5 | |
Source: | Code function: | 0_2_0014A9E4 | |
Source: | Code function: | 0_2_0010EC10 | |
Source: | Code function: | 0_2_0012CC8D | |
Source: | Code function: | 0_2_00158CE3 | |
Source: | Code function: | 0_2_0012D01B | |
Source: | Code function: | 0_2_0012D3B8 | |
Source: | Code function: | 0_2_0013D461 | |
Source: | Code function: | 0_2_0013F4E0 | |
Source: | Code function: | 0_2_000F1550 | |
Source: | Code function: | 0_2_0012D746 | |
Source: | Code function: | 0_2_000E3770 | |
Source: | Code function: | 0_2_001678F0 | |
Source: | Code function: | 0_2_0013FA10 | |
Source: | Code function: | 0_2_0012DAAB | |
Source: | Code function: | 0_2_0012DE1F | |
Source: | Code function: | 0_2_0013FE50 | |
Source: | Code function: | 0_2_00113FD4 | |
Source: | Code function: | 1_2_0122DC74 |
Source: | Process created: |
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Source: | Key opened: | Jump to behavior |
Source: | ReversingLabs: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Code function: | 0_2_0010C779 | |
Source: | Code function: | 0_2_0010D1B3 | |
Source: | Code function: | 1_2_0122483D |
Source: | Process information set: | Jump to behavior |
Malware Analysis System Evasion |
---|
Source: | WMI Queries: |
Source: | WMI Queries: |
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | API coverage: |
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | WMI Queries: |
Source: | Code function: | 0_2_00152EFA | |
Source: | Code function: | 0_2_0015317F |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Binary or memory string: |
Source: | Process information queried: | Jump to behavior |
Source: | Code function: | 0_2_00152799 |
Source: | Code function: | 0_2_0014A686 | |
Source: | Code function: | 0_2_0014A4DF | |
Source: | Code function: | 0_2_0014A522 | |
Source: | Code function: | 0_2_0014A565 | |
Source: | Code function: | 0_2_0014A5C0 | |
Source: | Code function: | 0_2_0014A6CA | |
Source: | Code function: | 0_2_0014A70E | |
Source: | Code function: | 0_2_0014A73F | |
Source: | Code function: | 0_2_001457D9 |
Source: | Process token adjusted: | Jump to behavior |
Source: | Code function: | 0_2_001369C1 | |
Source: | Code function: | 0_2_0010CEEF | |
Source: | Code function: | 0_2_0010D07F | |
Source: | Code function: | 0_2_0010D1B4 |
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Memory allocated: | Jump to behavior |
Source: | Code function: | 0_2_0284018D |
Source: | Memory written: | Jump to behavior |
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior |
Source: | Process created: | Jump to behavior |
Source: | Code function: | 0_2_0010CBB5 |
Source: | Code function: | 0_2_00148672 | |
Source: | Code function: | 0_2_00148803 | |
Source: | Code function: | 0_2_000EE9AF | |
Source: | Code function: | 0_2_00156F54 | |
Source: | Code function: | 0_2_0014912E | |
Source: | Code function: | 0_2_0015714F | |
Source: | Code function: | 0_2_001571F6 | |
Source: | Code function: | 0_2_0015725F | |
Source: | Code function: | 0_2_001572FA | |
Source: | Code function: | 0_2_00157385 | |
Source: | Code function: | 0_2_001575D8 | |
Source: | Code function: | 0_2_00157701 | |
Source: | Code function: | 0_2_00157807 | |
Source: | Code function: | 0_2_0010B80D | |
Source: | Code function: | 0_2_001578D6 |
Source: | Queries volume information: | Jump to behavior |
Source: | Code function: | 0_2_0010CDC4 |
Source: | Code function: | 0_2_00152067 |
Source: | Key value queried: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | WMI Queries: | ||
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File opened: | Jump to behavior | ||
Source: | File source: | ||
Remote Access Functionality |
---|
Source: | File source: | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 221 Windows Management Instrumentation | 1 DLL Side-Loading | 411 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 241 Security Software Discovery | Remote Desktop Protocol | 2 Data from Local System | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 241 Virtualization/Sandbox Evasion | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 411 Process Injection | NTDS | 241 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Obfuscated Files or Information | Cached Domain Credentials | 1 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | 134 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
37% | ReversingLabs | ByteCode-MSIL.Infostealer.Kysler | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown | ||
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
77.105.135.107 | unknown | Russian Federation | | 42031 | PLUSTELECOM-ASRU | true |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1466203 |
Start date and time: | 2024-07-02 17:18:06 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 20s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 9 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | file.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@4/6@0/1 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 20.42.65.92
- Excluded domains from analysis (whitelisted): onedsblobprdeus17.eastus.cloudapp.azure.com, ocsp.digicert.com, login.live.com, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtAllocateVirtualMemory calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- VT rate limit hit for: file.exe
Time | Type | Description |
---|---|---|
11:19:05 | API Interceptor | |
11:19:12 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
77.105.135.107 | | Get hash | malicious | RedLine | Browse | |
| | Get hash | malicious | RedLine | Browse | |
| | Get hash | malicious | LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, Xmrig | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
PLUSTELECOM-ASRU | | Get hash | malicious | RedLine | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | RedLine | Browse | |
| | Get hash | malicious | LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, Xmrig | Browse | |
| | Get hash | malicious | LummaC, PureLog Stealer, RisePro Stealer, Vidar, zgRAT | Browse | |
| | Get hash | malicious | LummaC Stealer, Mars Stealer, PrivateLoader, PureLog Stealer, Socks5Systemz, Stealc, Vidar | Browse | |
| | Get hash | malicious | LummaC, Mars Stealer, PureLog Stealer, Stealc, Vidar, Xmrig, zgRAT | Browse | |
| | Get hash | malicious | Meduza Stealer | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | PrivateLoader, PureLog Stealer | Browse | |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_a35f85a9697e8c5bfcd541ff1e0c59facae73a9_33636041_10cb29f1-59b3-47ba-8a2b-bf10dbfe6815\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.7030705390227604 |
Encrypted: | false |
SSDEEP: | 192:UQDd5EhmOvYPliftiX0c20cI3jGGzuiFTZ24IO8TVB1:v+YNiFikc20bjHzuiFTY4IO8X1 |
MD5: | 35088836DF5A582A3D76A12BD7C0CC11 |
SHA1: | 302CC1A39FF05BF967877C44838D018F29828D9F |
SHA-256: | 796C91D16377C34B0185A30A4F075A8792E959E270EF8B5BF5E61A786EED2DE3 |
SHA-512: | AA6B663C53D28A4310746548F4BF9077385B7C1382946D65E4BA0807472448CF147F5CCA64A297FFD141E1184EAE4CE393E1B7C123F1CA105E0BA97D703A1FEC |
Malicious: | true |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 55812 |
Entropy (8bit): | 1.7111999058470664 |
Encrypted: | false |
SSDEEP: | 192:BNiW4aByD4tOa0Osz3S8yZMe7najYvTfkuNeUxzl:avkyjOszi7ZMe7aMLVJ |
MD5: | 2D8035244D6626F5CC8754F54334FD41 |
SHA1: | 1C96B7B8EC9FE8A6126C2AA73F898D79608BB199 |
SHA-256: | 0193386846750DC1D5489C40EF695B813CD17C25C43401B6690D676EA63A67A1 |
SHA-512: | 42D56F16A8DB1A01759D6411166B9EDB53FFBD298B3164431A8E7A2EC263FBBADE37A857C198FBD024B4CAF27BA00BC4A5D111DDA41C56CC6D2EB84C21F7CB37 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8258 |
Entropy (8bit): | 3.6907319056445425 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJdCL6mE96Y9XwSU06ZgmfBWViN0pD989buhsfcjd5Gam:R6lXJE6/6YtwSU06Zgmf8UNDuafcxo |
MD5: | F71C092FF4E32F5B810BE01C7A3CC9B7 |
SHA1: | BFB72B7B58D679CB6779E29F142C0998B4BFF9C5 |
SHA-256: | 6A03250611F3D4DEE71434EE1F531B2EB9B01B570A783C8788B80C2920DEE937 |
SHA-512: | 7A5FFEE6A8A65D681EB14905844D42C11BB5609DA823EDA23B6E0225DEF2464BE91149595BF16B35F81D5CC87AE332E5C6DE1DCCD8A1EE28718609F899011B39 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4537 |
Entropy (8bit): | 4.4274154951868985 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsWiJg77aI9kPWpW8VYdAYm8M4JIMXLFP+q8Z8vNq8PYd:uIjfWwI72e7V0NJISFm8lqsYd |
MD5: | 1D0743F024E72444D956DEF36B0818A4 |
SHA1: | 7FD5DE9EBCB5CF36654D2F796C54A18BA7493600 |
SHA-256: | 057A8C12768D419DE472FE091E282910DF43313A27455A0FEC2BB14453B0CDD6 |
SHA-512: | 44CA4D908D650E3FB0F40FB17F734E4082AB24A6752C6E9E038E871DEF636414DDC751CD3A19408EF7C536A232D539300D6697A56246617BC18A586B60659BE1 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3094 |
Entropy (8bit): | 5.33145931749415 |
Encrypted: | false |
SSDEEP: | 96:Pq5qHwCYqh3oPtI6eqzxP0aymTqdqlq7qqjqcEZ5D:Pq5qHwCYqh3qtI6eqzxP0atTqdqlq7qV |
MD5: | 3FD5C0634443FB2EF2796B9636159CB6 |
SHA1: | 366DDE94AEFCFFFAB8E03AD8B448E05D7489EB48 |
SHA-256: | 58307E94C67E2348F5A838DE4FF668983B38B7E9A3B1D61535D3A392814A57D6 |
SHA-512: | 8535E7C0777C6B0876936D84BDE2BDC59963CF0954D4E50D65808E6E806E8B131DF5DB8FA0E030FAE2702143A7C3A70698A2B9A80519C9E2FFC286A71F0B797C |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1835008 |
Entropy (8bit): | 4.4653200516686375 |
Encrypted: | false |
SSDEEP: | 6144:SIXfpi67eLPU9skLmb0b4+WSPKaJG8nAgejZMMhA2gX4WABl0uNPdwBCswSbc:XXD94+WlLZMM6YFH1+c |
MD5: | 3EC1449458A10EC37E586A45E2F84CAF |
SHA1: | 6B770E3ED921417D96C1B49B4EC91FC22BB74B9B |
SHA-256: | 45FB24FA73BF33BC2C3CC514B235146C4A15B07ABF9AD4C6673D021940D79DF0 |
SHA-512: | 0E2543EFBE078C2A7BC7C9CD4764F083F4DA92372AE745B348FE5ACC3CBF12E1B362F35B3104708C0E5B523658DFFCBD2553336860F69263C70EAD148BF91EA9 |
Malicious: | false |
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 7.299279831448098 |
TrID: |
|
File name: | file.exe |
File size: | 957'440 bytes |
MD5: | 5d505724b7a084217d7db6b2710d8613 |
SHA1: | f444284be57973aa0d2fa22cdea4e3a639bdb6c4 |
SHA256: | c4024302b2f74461f6aecd5ca2f2889fa8ed48a420cb2176ae782368e2c5c6eb |
SHA512: | bcc79a8856aa5aee6349d602d75c2c1c615a12502d1256b044572b69bb3ac3bb9632a4b61956d41c7186a3d97dcf376968983bd16b417a8dcd89ecc4aeef42d0 |
SSDEEP: | 24576:fl5DVdQCg30luJ6ku5xTXKALkQHZqG2X3XY2QXVROMRm6R:tMEYJ6ku5d8kZqRX3o3XV0MRm6R |
TLSH: | 8E15CE1135C08036D67321320AA8F7BA8ABEF4341B2966DF17D8597EAF346C15B3526F |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........~...-...-...-\..,...-\..,&..-\..,...-Mb.,...-Mb.,...-\..,...-...-...-Mb.,...-|a.,...-|a.,...-|a.-...-|a.,...-Rich...-....... |
Icon Hash: | 90cececece8e8eb0 |
Entrypoint: | 0x42c36a |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x6683DD9B [Tue Jul 2 10:59:39 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | a2b3c9bb8bf21aa189ddce7cb05111e0 |
Instruction |
---|
call 00007EFC39065E87h |
jmp 00007EFC390651FCh |
cmp ecx, dword ptr [0049A040h] |
jne 00007EFC390653E3h |
ret |
jmp 00007EFC3906623Fh |
jmp 00007EFC39066524h |
push ebp |
mov ebp, esp |
jmp 00007EFC390653EFh |
push dword ptr [ebp+08h] |
call 00007EFC390A0C25h |
pop ecx |
test eax, eax |
je 00007EFC390653F1h |
push dword ptr [ebp+08h] |
call 00007EFC39091905h |
pop ecx |
test eax, eax |
je 00007EFC390653C8h |
pop ebp |
ret |
cmp dword ptr [ebp+08h], FFFFFFFFh |
je 00007EFC3906651Ch |
jmp 00007EFC390664F9h |
push ebp |
mov ebp, esp |
push dword ptr [ebp+08h] |
call 00007EFC390664E9h |
pop ecx |
pop ebp |
ret |
mov dword ptr [ecx], 0048A520h |
ret |
push ebp |
mov ebp, esp |
test byte ptr [ebp+08h], 00000001h |
push esi |
mov esi, ecx |
mov dword ptr [esi], 0048A520h |
je 00007EFC390653ECh |
push 0000000Ch |
push esi |
call 00007EFC390653B6h |
pop ecx |
pop ecx |
mov eax, esi |
pop esi |
pop ebp |
retn 0004h |
push ebp |
mov ebp, esp |
mov eax, dword ptr [ebp+08h] |
push esi |
mov ecx, dword ptr [eax+3Ch] |
add ecx, eax |
movzx eax, word ptr [ecx+14h] |
lea edx, dword ptr [ecx+18h] |
add edx, eax |
movzx eax, word ptr [ecx+06h] |
imul esi, eax, 28h |
add esi, edx |
cmp edx, esi |
je 00007EFC390653FBh |
mov ecx, dword ptr [ebp+0Ch] |
cmp ecx, dword ptr [edx+0Ch] |
jc 00007EFC390653ECh |
mov eax, dword ptr [edx+08h] |
add eax, dword ptr [edx+0Ch] |
cmp ecx, eax |
jc 00007EFC390653EEh |
add edx, 28h |
cmp edx, esi |
jne 00007EFC390653CCh |
xor eax, eax |
pop esi |
pop ebp |
ret |
mov eax, edx |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x98d60 | 0x48 | .rdata |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x98da8 | 0x50 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xe9000 | 0x1e0 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xea000 | 0x4ab8 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x92950 | 0x54 | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x92890 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x88000 | 0x20c | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x855e7 | 0x85600 | 0d68ed18f7caa9ebfb8774d8c45eb92d | False | 0.41277017924086223 | data | 6.671599972650418 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.bss | 0x87000 | 0xf7d | 0x1000 | 37f104a686caec84200bd218749604e0 | False | 0.629638671875 | data | 6.354355953942119 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x88000 | 0x11a10 | 0x11c00 | e70b33041a43508f8f445e7fd8ab10f3 | False | 0.3753163512323944 | data | 4.846543895259657 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x9a000 | 0x4e080 | 0x4c800 | de1caad34b281f0974c9271d6a673e72 | False | 0.9814293555964052 | data | 7.987184428264986 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0xe9000 | 0x1e0 | 0x200 | 9df81114beeb0701a76cbdf68bafb630 | False | 0.53125 | data | 4.7176788329467545 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0xea000 | 0x4ab8 | 0x4c00 | 9c0abc7d63cffcb38eaaecde5bf08ab2 | False | 0.735608552631579 | data | 6.615552473192772 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_MANIFEST | 0xe9060 | 0x17d | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5931758530183727 |
DLL | Import |
---|---|
GDI32.dll | SetPixel |
USER32.dll | GetDC, OffsetRect, ReleaseDC, GetUpdateRgn |
KERNEL32.dll | CreateFileW, HeapSize, GetProcessHeap, SetStdHandle, SetEnvironmentVariableW, VirtualAlloc, WaitForSingleObject, CreateThread, FormatMessageA, WideCharToMultiByte, GetCurrentThreadId, CloseHandle, WaitForSingleObjectEx, Sleep, SwitchToThread, GetExitCodeThread, GetNativeSystemInfo, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionEx, DeleteCriticalSection, EncodePointer, DecodePointer, LocalFree, GetLocaleInfoEx, MultiByteToWideChar, LCMapStringEx, ReleaseSRWLockExclusive, AcquireSRWLockExclusive, TryAcquireSRWLockExclusive, WakeConditionVariable, WakeAllConditionVariable, SleepConditionVariableSRW, QueryPerformanceCounter, QueryPerformanceFrequency, SetFileInformationByHandle, GetTempPathW, InitOnceExecuteOnce, CreateEventExW, CreateSemaphoreExW, FlushProcessWriteBuffers, GetCurrentProcessorNumber, GetSystemTimeAsFileTime, GetTickCount64, FreeLibraryWhenCallbackReturns, CreateThreadpoolTimer, SetThreadpoolTimer, WaitForThreadpoolTimerCallbacks, CloseThreadpoolTimer, CreateThreadpoolWait, SetThreadpoolWait, CloseThreadpoolWait, GetModuleHandleW, GetProcAddress, GetFileInformationByHandleEx, CreateSymbolicLinkW, GetStringTypeW, CompareStringEx, GetCPInfo, IsProcessorFeaturePresent, GetCurrentProcessId, InitializeSListHead, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, GetCurrentProcess, TerminateProcess, FreeEnvironmentStringsW, RaiseException, RtlUnwind, InterlockedPushEntrySList, InterlockedFlushSList, GetLastError, SetLastError, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, LoadLibraryExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetModuleHandleExW, GetStdHandle, WriteFile, GetModuleFileNameW, ExitProcess, GetCommandLineA, GetCommandLineW, HeapAlloc, HeapFree, GetDateFormatW, GetTimeFormatW, CompareStringW, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, GetFileType, GetCurrentThread, 
SetConsoleCtrlHandler, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode, ReadFile, GetFileSizeEx, SetFilePointerEx, ReadConsoleW, HeapReAlloc, GetTimeZoneInformation, OutputDebugStringW, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetEnvironmentStringsW, WriteConsoleW |
Name | Ordinal | Address |
---|---|---|
AwakeSound | 1 | 0x487d60 |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
07/02/24-17:18:57.592984 | TCP | 2046045 | ET TROJAN [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) | 49731 | 3445 | 192.168.2.4 | 77.105.135.107 |
07/02/24-17:18:57.785662 | TCP | 2043234 | ET MALWARE Redline Stealer TCP CnC - Id1Response | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
07/02/24-17:19:08.955501 | TCP | 2043231 | ET TROJAN Redline Stealer TCP CnC Activity | 49731 | 3445 | 192.168.2.4 | 77.105.135.107 |
07/02/24-17:19:03.098044 | TCP | 2046056 | ET TROJAN Redline Stealer/MetaStealer Family Activity (Response) | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jul 2, 2024 17:18:56.829050064 CEST | 49731 | 3445 | 192.168.2.4 | 77.105.135.107 |
Jul 2, 2024 17:18:56.833928108 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:18:56.834011078 CEST | 49731 | 3445 | 192.168.2.4 | 77.105.135.107 |
Jul 2, 2024 17:18:56.851866961 CEST | 49731 | 3445 | 192.168.2.4 | 77.105.135.107 |
Jul 2, 2024 17:18:56.856673956 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:18:57.559993982 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:18:57.592983961 CEST | 49731 | 3445 | 192.168.2.4 | 77.105.135.107 |
Jul 2, 2024 17:18:57.597780943 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:18:57.785661936 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:18:57.836581945 CEST | 49731 | 3445 | 192.168.2.4 | 77.105.135.107 |
Jul 2, 2024 17:19:02.840955973 CEST | 49731 | 3445 | 192.168.2.4 | 77.105.135.107 |
Jul 2, 2024 17:19:02.908231974 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:03.098043919 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:03.098067999 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:03.098083973 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:03.098098993 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:03.098115921 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:03.098144054 CEST | 49731 | 3445 | 192.168.2.4 | 77.105.135.107 |
Jul 2, 2024 17:19:03.098191977 CEST | 49731 | 3445 | 192.168.2.4 | 77.105.135.107 |
Jul 2, 2024 17:19:03.277807951 CEST | 49731 | 3445 | 192.168.2.4 | 77.105.135.107 |
Jul 2, 2024 17:19:03.282900095 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:03.479861021 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:03.484389067 CEST | 49731 | 3445 | 192.168.2.4 | 77.105.135.107 |
Jul 2, 2024 17:19:03.489553928 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:03.689344883 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:03.742944002 CEST | 49731 | 3445 | 192.168.2.4 | 77.105.135.107 |
Jul 2, 2024 17:19:03.814285040 CEST | 49731 | 3445 | 192.168.2.4 | 77.105.135.107 |
Jul 2, 2024 17:19:03.819273949 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:04.006629944 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.962218046 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.962227106 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.962261915 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.962270975 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.962280989 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.962322950 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.962331057 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.962338924 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.962359905 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.962368011 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.962409019 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.962416887 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.962441921 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.962450027 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.962686062 CEST | 49731 | 3445 | 192.168.2.4 | 77.105.135.107 |
Jul 2, 2024 17:19:06.962759972 CEST | 49731 | 3445 | 192.168.2.4 | 77.105.135.107 |
Jul 2, 2024 17:19:06.963073969 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.963167906 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.963176966 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.963208914 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.963217020 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.963313103 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.963323116 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.963363886 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.963372946 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.963406086 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.963414907 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.963453054 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.963460922 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.963470936 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.963499069 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.963507891 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.963553905 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.963562965 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.963572979 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.963582039 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.963598013 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.963607073 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.963615894 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.963645935 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.963654995 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.963716984 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.963726044 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.963762045 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.963771105 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.963798046 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.963807106 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.963818073 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.963825941 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.963857889 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.963866949 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.963891983 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.963901043 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.963927984 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.963937998 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.963984966 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.963994026 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.964010954 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.964019060 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.964035034 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.964044094 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.964082003 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.964091063 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.964101076 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.964139938 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.964148998 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.964153051 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.964181900 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.964190960 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.967516899 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.967526913 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.967556000 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.967565060 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.967593908 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.967602015 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.967691898 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.967701912 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.967726946 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.967736006 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.967763901 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.967767954 CEST | 49731 | 3445 | 192.168.2.4 | 77.105.135.107 |
Jul 2, 2024 17:19:06.967772007 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.967786074 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.967792988 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.967825890 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.967833996 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.967838049 CEST | 49731 | 3445 | 192.168.2.4 | 77.105.135.107 |
Jul 2, 2024 17:19:06.967858076 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.967865944 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.967896938 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.967904091 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.967952967 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.967961073 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.967963934 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.992830992 CEST | 49731 | 3445 | 192.168.2.4 | 77.105.135.107 |
Jul 2, 2024 17:19:06.997652054 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:06.997817039 CEST | 49731 | 3445 | 192.168.2.4 | 77.105.135.107 |
Jul 2, 2024 17:19:07.003189087 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:07.003279924 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:07.003367901 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:07.003376007 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:07.003454924 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:07.003462076 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:07.003483057 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:07.003490925 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:07.003532887 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:07.003540993 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:07.003567934 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:07.003580093 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:07.003597021 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:07.003638983 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:07.003647089 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:07.024063110 CEST | 49731 | 3445 | 192.168.2.4 | 77.105.135.107 |
Jul 2, 2024 17:19:07.028865099 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:07.770225048 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:07.778347015 CEST | 49731 | 3445 | 192.168.2.4 | 77.105.135.107 |
Jul 2, 2024 17:19:07.783381939 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:07.783493996 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:07.783523083 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:07.783586979 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:07.783617973 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:07.783644915 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:07.971118927 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:07.977639914 CEST | 49731 | 3445 | 192.168.2.4 | 77.105.135.107 |
Jul 2, 2024 17:19:07.982624054 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:08.172461033 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:08.174741030 CEST | 49731 | 3445 | 192.168.2.4 | 77.105.135.107 |
Jul 2, 2024 17:19:08.179542065 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:08.367037058 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:08.369126081 CEST | 49731 | 3445 | 192.168.2.4 | 77.105.135.107 |
Jul 2, 2024 17:19:08.374027967 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:08.562109947 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:08.563743114 CEST | 49731 | 3445 | 192.168.2.4 | 77.105.135.107 |
Jul 2, 2024 17:19:08.568604946 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:08.758742094 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:08.761815071 CEST | 49731 | 3445 | 192.168.2.4 | 77.105.135.107 |
Jul 2, 2024 17:19:08.766613960 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:08.954621077 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:08.955501080 CEST | 49731 | 3445 | 192.168.2.4 | 77.105.135.107 |
Jul 2, 2024 17:19:08.960370064 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:09.149492025 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:09.195966005 CEST | 49731 | 3445 | 192.168.2.4 | 77.105.135.107 |
Jul 2, 2024 17:19:09.197372913 CEST | 49731 | 3445 | 192.168.2.4 | 77.105.135.107 |
Jul 2, 2024 17:19:09.396672964 CEST | 3445 | 49731 | 77.105.135.107 | 192.168.2.4 |
Jul 2, 2024 17:19:09.396733999 CEST | 49731 | 3445 | 192.168.2.4 | 77.105.135.107 |
Target ID: | 0 |
Start time: | 11:18:54 |
Start date: | 02/07/2024 |
Path: | C:\Users\user\Desktop\file.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xe0000 |
File size: | 957'440 bytes |
MD5 hash: | 5D505724B7A084217D7DB6B2710D8613 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 1 |
Start time: | 11:18:54 |
Start date: | 02/07/2024 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xac0000 |
File size: | 65'440 bytes |
MD5 hash: | 0D5DF43AF2916F47D00C1573797C1A13 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 11:18:55 |
Start date: | 02/07/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xdc0000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Execution Graph
Execution Coverage: | 0.7% |
Dynamic/Decrypted Code Coverage: | 1.8% |
Signature Coverage: | 18.3% |
Total number of Nodes: | 339 |
Total number of Limit Nodes: | 6 |
Graph
Function 0284018D Relevance: 42.3, APIs: 10, Strings: 14, Instructions: 282threadinjectionmemoryCOMMON
Function 001678F0 Relevance: 7.3, APIs: 2, Strings: 2, Instructions: 319memoryCOMMON
Function 0014A686 Relevance: .0, Instructions: 29COMMON
Function 00148BA9 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74COMMONLIBRARYCODE
Function 0010C181 Relevance: 7.6, APIs: 5, Instructions: 119COMMON
Function 00167D70 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 79threadCOMMON
Function 0011AEBA Relevance: 4.6, APIs: 3, Instructions: 51threadCOMMONLIBRARYCODE
Function 00167B30 Relevance: 3.1, APIs: 2, Instructions: 93memoryCOMMON
Function 0011AC01 Relevance: 3.0, APIs: 2, Instructions: 38threadCOMMON
Function 00113FD4 Relevance: 46.7, APIs: 25, Strings: 1, Instructions: 1201COMMONLIBRARYCODE
Function 0015A00C Relevance: 10.2, APIs: 1, Strings: 4, Instructions: 1436COMMONLIBRARYCODE
Function 00157701 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMONLIBRARYCODE
Function 00156F54 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 251COMMONLIBRARYCODE
Function 00152EFA Relevance: 6.2, APIs: 4, Instructions: 206fileCOMMON
Function 0015317F Relevance: 6.1, APIs: 4, Instructions: 129fileCOMMON
Function 0010CEEF Relevance: 6.1, APIs: 4, Instructions: 70COMMON
Function 000EE9AF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32windowCOMMON
Function 00157385 Relevance: 4.7, APIs: 3, Instructions: 205COMMON
Function 000E3770 Relevance: 3.0, Strings: 2, Instructions: 463COMMON
Function 00158CE3 Relevance: 2.8, APIs: 1, Instructions: 1260COMMON
Function 0010CBB5 Relevance: 1.6, APIs: 1, Instructions: 147COMMON
Function 0012E5A5 Relevance: 1.6, Strings: 1, Instructions: 392COMMON
Function 0012E184 Relevance: 1.6, Strings: 1, Instructions: 388COMMON
Function 0012E9D5 Relevance: 1.6, Strings: 1, Instructions: 388COMMON
Function 0012D01B Relevance: 1.6, Strings: 1, Instructions: 348COMMON
Function 001575D8 Relevance: 1.6, APIs: 1, Instructions: 83COMMON
Function 0012DAAB Relevance: 1.6, Strings: 1, Instructions: 326COMMON
Function 0012D746 Relevance: 1.6, Strings: 1, Instructions: 322COMMON
Function 0012DE1F Relevance: 1.6, Strings: 1, Instructions: 322COMMON
Function 0012C5EE Relevance: 1.6, Strings: 1, Instructions: 318COMMON
Function 0012C2A6 Relevance: 1.6, Strings: 1, Instructions: 314COMMON
Function 0012C945 Relevance: 1.6, Strings: 1, Instructions: 314COMMON
Function 00152799 Relevance: 1.6, APIs: 1, Instructions: 50COMMON
Function 00157807 Relevance: 1.5, APIs: 1, Instructions: 45COMMON
Function 0015714F Relevance: 1.5, APIs: 1, Instructions: 43COMMON
Function 00148803 Relevance: 1.5, APIs: 1, Instructions: 14COMMON
Function 0010D07F Relevance: 1.5, APIs: 1, Instructions: 3COMMON
Function 00142595 Relevance: .7, Instructions: 655COMMONLIBRARYCODE
Function 0013C98E Relevance: .5, Instructions: 481COMMON
Function 0013FE50 Relevance: .4, Instructions: 386COMMON
Function 000F1550 Relevance: .3, Instructions: 278COMMON
Function 0013FA10 Relevance: .3, Instructions: 259COMMON
Function 0013D461 Relevance: .2, Instructions: 158COMMON
Function 0010EC10 Relevance: .1, Instructions: 76COMMON
Function 0014A73F Relevance: .0, Instructions: 40COMMON
Function 0014A565 Relevance: .0, Instructions: 38COMMON
Function 0014A6CA Relevance: .0, Instructions: 29COMMON
Function 0014A4DF Relevance: .0, Instructions: 26COMMON
Function 0014A522 Relevance: .0, Instructions: 26COMMON
Function 0014A70E Relevance: .0, Instructions: 22COMMONLIBRARYCODE
Function 0014A5C0 Relevance: .0, Instructions: 18COMMON
Function 001457D9 Relevance: .0, Instructions: 12COMMONLIBRARYCODE
Function 000E59E0 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 136COMMONLIBRARYCODE
Function 000E5F70 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 133COMMONLIBRARYCODE
Function 00119C74 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 185COMMONLIBRARYCODE
Function 001122B6 Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 303COMMONLIBRARYCODE
Function 000E7220 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 120COMMONLIBRARYCODE
Function 0010B49B Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 19libraryloaderCOMMON
Function 0014FA6B Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 298COMMONLIBRARYCODE
Function 000FE3C0 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 73COMMONLIBRARYCODE
Function 000E7AA0 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 104COMMONLIBRARYCODE
Function 000FE2E7 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 78COMMONLIBRARYCODE
Function 00160808 Relevance: 9.2, APIs: 6, Instructions: 248COMMON
Function 0010BD8E Relevance: 9.2, APIs: 6, Instructions: 225COMMON
Function 000FE120 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 73COMMONLIBRARYCODE
Function 001457FB Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMONLIBRARYCODE
Function 00148D6D Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 35libraryCOMMON
Function 000EEDA2 Relevance: 7.6, APIs: 5, Instructions: 116threadCOMMONLIBRARYCODE
Function 00141E9E Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 369COMMONLIBRARYCODE
Function 0011265B Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 112COMMONLIBRARYCODE
Function 000FE055 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 73 COMMON LIBRARYCODE
Function 00108EDC Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 73 COMMON LIBRARYCODE
Function 0011A5D6 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27 library COMMON LIBRARYCODE
Function 000EE874 Relevance: 6.1, APIs: 4, Instructions: 88 COMMON
Function 0015297D Relevance: 6.1, APIs: 4, Instructions: 82 COMMON
Function 0015462B Relevance: 6.1, APIs: 4, Instructions: 74 COMMON
Function 0011AE2C Relevance: 6.1, APIs: 4, Instructions: 55 thread COMMON
Function 00150118 Relevance: 6.1, APIs: 4, Instructions: 54 COMMON
Function 0016037B Relevance: 6.0, APIs: 4, Instructions: 32 COMMON
Function 00116CF9 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 71 COMMON LIBRARYCODE
Function 000E2070 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43 COMMON LIBRARYCODE
Execution Graph
Execution Coverage: | 7.7% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0% |
Total number of Nodes: | 52 |
Total number of Limit Nodes: | 9 |
Function 0122D0A8 Relevance: 6.1, APIs: 4, Instructions: 130 thread COMMON
Function 0122D0B8 Relevance: 6.1, APIs: 4, Instructions: 128 thread COMMON
Function 0122AE30 Relevance: 1.7, APIs: 1, Instructions: 206 COMMON
Function 01225935 Relevance: 1.6, APIs: 1, Instructions: 97 COMMON
Function 01224248 Relevance: 1.6, APIs: 1, Instructions: 96 COMMON
Function 0122D300 Relevance: 1.6, APIs: 1, Instructions: 62 COMMON
Function 0122D2F9 Relevance: 1.6, APIs: 1, Instructions: 61 COMMON
Function 0122A870 Relevance: 1.6, APIs: 1, Instructions: 55 library COMMON
Function 0122B2A0 Relevance: 1.6, APIs: 1, Instructions: 55 library COMMON
Function 0122B020 Relevance: 1.5, APIs: 1, Instructions: 47 COMMON
Function 011AD3D8 Relevance: .1, Instructions: 75 COMMON
Function 011BD01C Relevance: .1, Instructions: 72 COMMON
Function 011BD006 Relevance: .1, Instructions: 63 COMMON
Function 011AD3D3 Relevance: .1, Instructions: 56 COMMON
Function 011ADA81 Relevance: .0, Instructions: 45 COMMON
Function 011ADA80 Relevance: .0, Instructions: 36 COMMON