Edit tour
Windows
Analysis Report
Bankcopyscanneddoc.exe
Overview
General Information
| Sample name: | Bankcopyscanneddoc.exe |
| Analysis ID: | 1482847 |
| MD5: | 901969f80acf800e522c7e2e73840e22 |
| SHA1: | de89bca939c5674b3afca2eaa34f2e578b3f9c84 |
| SHA256: | f03d12cadb70aa5f2d93285bf541f8a02e4fe24c574d7eb5062c693cfb6fc076 |
| Tags: | exeRedLineStealer |
| Infos: |  |
 | |
Detection
RedLine
| Score: | 100 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Antivirus / Scanner detection for submitted sample
Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected RedLine Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Machine Learning detection for sample
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains long sleeps (>= 3 min)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Classification
- System is w10x64
Bankcopyscanneddoc.exe (PID: 6312 cmdline: "C:\Users\ user\Deskt op\Bankcop yscanneddo c.exe" MD5: 901969F80ACF800E522C7E2E73840E22)
- cleanup
| Name | Description | Attribution | Blogpost URLs | Link |
|---|---|---|---|---|
| RedLine Stealer | RedLine Stealer is a malware available on underground forums for sale apparently as a standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer. | No Attribution |
{"C2 url": ["84.38.129.21:1912"], "Bot Id": "foz", "Authorization Header": "c74790bd166600f1f665c8ce201776eb"}| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_RedLine_1 | Yara detected RedLine Stealer | Joe Security | ||
| JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
| JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
| JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
| JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
| JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
| Click to see the 1 entries | ||||
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
⊘No Sigma rule has matched
⊘No Snort rule has matched
| Timestamp: | 2024-07-26T09:12:08.384450+0200 |
| SID: | 2046056 |
| Source Port: | 1912 |
| Destination Port: | 49699 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 2024-07-26T09:12:08.206533+0200 |
| SID: | 2043231 |
| Source Port: | 49699 |
| Destination Port: | 1912 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 2024-07-26T09:12:20.036450+0200 |
| SID: | 2022930 |
| Source Port: | 443 |
| Destination Port: | 49701 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 2024-07-26T09:12:02.655038+0200 |
| SID: | 2046045 |
| Source Port: | 49699 |
| Destination Port: | 1912 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 2024-07-26T09:12:11.875496+0200 |
| SID: | 2043231 |
| Source Port: | 49699 |
| Destination Port: | 1912 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 2024-07-26T09:12:02.830260+0200 |
| SID: | 2043234 |
| Source Port: | 1912 |
| Destination Port: | 49699 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 2024-07-26T09:12:58.931591+0200 |
| SID: | 2022930 |
| Source Port: | 443 |
| Destination Port: | 49705 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 2024-07-26T09:12:11.660867+0200 |
| SID: | 2043231 |
| Source Port: | 49699 |
| Destination Port: | 1912 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
Click to jump to signature section
Show All Signature Results
AV Detection |   |
|---|
| Source: | Avira: | ||
| Source: | Malware Configuration Extractor: | ||
| Source: | ReversingLabs: | |||
| Source: | Virustotal: | Perma Link | ||
| Source: | Integrated Neural Analysis Model: | ||
| Source: | Joe Sandbox ML: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Code function: | 0_2_07965BF0 | |
| Source: | Code function: | 0_2_07964B00 | |
| Source: | Code function: | 0_2_07964B00 | |
| Source: | Code function: | 0_2_07963000 | |
Networking | |
|---|
| Source: | URLs: | ||
| Source: | TCP traffic: | ||
| Source: | ASN Name: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Code function: | 0_2_0109DC74 | |
| Source: | Code function: | 0_2_04FFEE58 | |
| Source: | Code function: | 0_2_04FF8850 | |
| Source: | Code function: | 0_2_04FF0040 | |
| Source: | Code function: | 0_2_04FF003C | |
| Source: | Code function: | 0_2_04FF8840 | |
| Source: | Code function: | 0_2_07962718 | |
| Source: | Code function: | 0_2_07960E48 | |
| Source: | Code function: | 0_2_079615A0 | |
| Source: | Code function: | 0_2_07966418 | |
| Source: | Code function: | 0_2_07969C38 | |
| Source: | Code function: | 0_2_07964B00 | |
| Source: | Code function: | 0_2_079632C0 | |
| Source: | Code function: | 0_2_07964270 | |
| Source: | Code function: | 0_2_079620D8 | |
| Source: | Code function: | 0_2_07963828 | |
| Source: | Code function: | 0_2_07960040 | |
| Source: | Code function: | 0_2_07960E37 | |
| Source: | Code function: | 0_2_079632AF | |
| Source: | Code function: | 0_2_07964AF6 | |
| Source: | Code function: | 0_2_07964260 | |
| Source: | Code function: | 0_2_079620CA | |
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Static PE information: | ||
| Source: | Classification label: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Mutant created: | ||
| Source: | Static PE information: | ||
| Source: | Static file information: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | ReversingLabs: | ||
| Source: | Virustotal: | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Code function: | 0_2_04FFD451 | |
| Source: | Code function: | 0_2_07967981 | |
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion | |
|---|
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | WMI Queries: | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Process information queried: | Jump to behavior | ||
| Source: | Process token adjusted: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
Stealing of Sensitive Information | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
Remote Access Functionality | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 221 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Masquerading | 1 OS Credential Dumping | 231 Security Software Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Disable or Modify Tools | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | 3 Data from Local System | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 241 Virtualization/Sandbox Evasion | Security Account Manager | 241 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 2 Obfuscated Files or Information | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Timestomp | LSA Secrets | 113 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 66% | ReversingLabs | ByteCode-MSIL.Trojan.Jalapeno | ||
| 80% | Virustotal | Browse | ||
| 100% | Avira | TR/AD.RedLineSteal.iyobn | ||
| 100% | Joe Sandbox ML |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe |
⊘No contacted domains info
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 84.38.129.21 | unknown | Latvia | 203557 | DATACLUB-NL | true |
| Joe Sandbox version: | 40.0.0 Tourmaline |
| Analysis ID: | 1482847 |
| Start date and time: | 2024-07-26 09:11:06 +02:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 5m 3s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 16 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | Bankcopyscanneddoc.exe |
| Detection: | MAL |
| Classification: | mal100.troj.spyw.evad.winEXE@1/1@0/1 |
| EGA Information: |
|
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, svchost.exe
- Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtAllocateVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
| Time | Type | Description |
|---|---|---|
| 03:12:08 | API Interceptor |
⊘No context
⊘No context
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| DATACLUB-NL | Get hash | malicious | Remcos | Browse |
| |
| Get hash | malicious | GuLoader | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | AgentTesla, GuLoader | Browse |
| ||
| Get hash | malicious | CryptOne, Qbot | Browse |
| ||
| Get hash | malicious | Lokibot | Browse |
| ||
| Get hash | malicious | Qbot | Browse |
| ||
| Get hash | malicious | Remcos, DBatLoader | Browse |
| ||
| Get hash | malicious | Remcos, DBatLoader | Browse |
| ||
| Get hash | malicious | Remcos, DBatLoader | Browse |
|
⊘No context
⊘No context
| Process: | C:\Users\user\Desktop\Bankcopyscanneddoc.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 3094 |
| Entropy (8bit): | 5.33145931749415 |
| Encrypted: | false |
| SSDEEP: | 96:Pq5qHwCYqh3oPtI6eqzxP0aymTqdqlq7qqjqcEZ5D:Pq5qHwCYqh3qtI6eqzxP0atTqdqlq7qV |
| MD5: | 3FD5C0634443FB2EF2796B9636159CB6 |
| SHA1: | 366DDE94AEFCFFFAB8E03AD8B448E05D7489EB48 |
| SHA-256: | 58307E94C67E2348F5A838DE4FF668983B38B7E9A3B1D61535D3A392814A57D6 |
| SHA-512: | 8535E7C0777C6B0876936D84BDE2BDC59963CF0954D4E50D65808E6E806E8B131DF5DB8FA0E030FAE2702143A7C3A70698A2B9A80519C9E2FFC286A71F0B797C |
| Malicious: | true |
| Reputation: | high, very likely benign file |
| Preview: |
| File type: | |
| Entropy (8bit): | 5.081282873476631 |
| TrID: |
|
| File name: | Bankcopyscanneddoc.exe |
| File size: | 307'712 bytes |
| MD5: | 901969f80acf800e522c7e2e73840e22 |
| SHA1: | de89bca939c5674b3afca2eaa34f2e578b3f9c84 |
| SHA256: | f03d12cadb70aa5f2d93285bf541f8a02e4fe24c574d7eb5062c693cfb6fc076 |
| SHA512: | 12879e31390b6a4c074fefdaff426efb43b82e478de9d29aed1e0a1a5e6e1bfe1987789274c178b2f44be5951cac7b77845c4532783acafb753849a440b71ab5 |
| SSDEEP: | 3072:+cZqf7D34xp/0+mAQkygx9QEgJ/B1fA0PuTVAtkxzx3RQeqiOL2bBOA:+cZqf7DIjnH6lB1fA0GTV8kXwL |
| TLSH: | 4A645B5833E8C910DA7F4775D861D67093B0BCA3A552E70B4FC4ACAB3D32740EA51AB6 |
| File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....H(...............0.................. ... ....@.. ....................... ............@................................ |
 | |
| Icon Hash: | 4d8ea38d85a38e6d |
| Entrypoint: | 0x43028e |
| Entrypoint Section: | .text |
| Digitally signed: | false |
| Imagebase: | 0x400000 |
| Subsystem: | windows gui |
| Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
| DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
| Time Stamp: | 0xD22848DC [Tue Sep 23 12:17:32 2081 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 4 |
| OS Version Minor: | 0 |
| File Version Major: | 4 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 4 |
| Subsystem Version Minor: | 0 |
| Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
| Instruction |
|---|
| jmp dword ptr [00402000h] |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x30238 | 0x53 | .text |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x32000 | 0x1c9c6 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x50000 | 0xc | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x2000 | 0x2e294 | 0x2e400 | 72d90635ff7e01a48350fdd4c42b5460 | False | 0.4747730152027027 | data | 6.186205546769274 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rsrc | 0x32000 | 0x1c9c6 | 0x1ca00 | a8cf3f8ff27a4a736ba8fb433d91107f | False | 0.2380765556768559 | data | 2.615031395625776 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x50000 | 0xc | 0x200 | 21472a05bd31cf3b960b3bcc0808216b | False | 0.044921875 | data | 0.08153941234324169 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0x32220 | 0x3d04 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | 0.9934058898847631 | ||
| RT_ICON | 0x35f24 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 2835 x 2835 px/m | 0.09013072282030049 | ||
| RT_ICON | 0x4674c | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16384, resolution 2835 x 2835 px/m | 0.13905290505432216 | ||
| RT_ICON | 0x4a974 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2835 x 2835 px/m | 0.17033195020746889 | ||
| RT_ICON | 0x4cf1c | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2835 x 2835 px/m | 0.2045028142589118 | ||
| RT_ICON | 0x4dfc4 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2835 x 2835 px/m | 0.24645390070921985 | ||
| RT_GROUP_ICON | 0x4e42c | 0x5a | data | 0.7666666666666667 | ||
| RT_VERSION | 0x4e488 | 0x352 | data | 0.4447058823529412 | ||
| RT_MANIFEST | 0x4e7dc | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | 0.5489795918367347 |
| DLL | Import |
|---|---|
| mscoree.dll | _CorExeMain |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | Protocol | SID | Signature | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|---|---|---|
| 2024-07-26T09:12:08.384450+0200 | TCP | 2046056 | ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| 2024-07-26T09:12:08.206533+0200 | TCP | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 49699 | 1912 | 192.168.2.7 | 84.38.129.21 |
| 2024-07-26T09:12:20.036450+0200 | TCP | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 443 | 49701 | 13.85.23.86 | 192.168.2.7 |
| 2024-07-26T09:12:02.655038+0200 | TCP | 2046045 | ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) | 49699 | 1912 | 192.168.2.7 | 84.38.129.21 |
| 2024-07-26T09:12:11.875496+0200 | TCP | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 49699 | 1912 | 192.168.2.7 | 84.38.129.21 |
| 2024-07-26T09:12:02.830260+0200 | TCP | 2043234 | ET MALWARE Redline Stealer TCP CnC - Id1Response | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| 2024-07-26T09:12:58.931591+0200 | TCP | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 443 | 49705 | 13.85.23.86 | 192.168.2.7 |
| 2024-07-26T09:12:11.660867+0200 | TCP | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 49699 | 1912 | 192.168.2.7 | 84.38.129.21 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Jul 26, 2024 09:12:01.652684927 CEST | 49699 | 1912 | 192.168.2.7 | 84.38.129.21 |
| Jul 26, 2024 09:12:01.657685995 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:01.657808065 CEST | 49699 | 1912 | 192.168.2.7 | 84.38.129.21 |
| Jul 26, 2024 09:12:01.666865110 CEST | 49699 | 1912 | 192.168.2.7 | 84.38.129.21 |
| Jul 26, 2024 09:12:01.671979904 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:02.284023046 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:02.327039957 CEST | 49699 | 1912 | 192.168.2.7 | 84.38.129.21 |
| Jul 26, 2024 09:12:02.655038118 CEST | 49699 | 1912 | 192.168.2.7 | 84.38.129.21 |
| Jul 26, 2024 09:12:02.660070896 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:02.830260038 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:02.873908043 CEST | 49699 | 1912 | 192.168.2.7 | 84.38.129.21 |
| Jul 26, 2024 09:12:08.206532955 CEST | 49699 | 1912 | 192.168.2.7 | 84.38.129.21 |
| Jul 26, 2024 09:12:08.211838007 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:08.384136915 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:08.384185076 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:08.384196997 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:08.384282112 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:08.384284019 CEST | 49699 | 1912 | 192.168.2.7 | 84.38.129.21 |
| Jul 26, 2024 09:12:08.384377003 CEST | 49699 | 1912 | 192.168.2.7 | 84.38.129.21 |
| Jul 26, 2024 09:12:08.384449959 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:08.384460926 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:08.384572029 CEST | 49699 | 1912 | 192.168.2.7 | 84.38.129.21 |
| Jul 26, 2024 09:12:10.796834946 CEST | 49699 | 1912 | 192.168.2.7 | 84.38.129.21 |
| Jul 26, 2024 09:12:10.803107023 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.803210974 CEST | 49699 | 1912 | 192.168.2.7 | 84.38.129.21 |
| Jul 26, 2024 09:12:10.803236008 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.803265095 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.803280115 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.803288937 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.803309917 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.803318024 CEST | 49699 | 1912 | 192.168.2.7 | 84.38.129.21 |
| Jul 26, 2024 09:12:10.803339958 CEST | 49699 | 1912 | 192.168.2.7 | 84.38.129.21 |
| Jul 26, 2024 09:12:10.803356886 CEST | 49699 | 1912 | 192.168.2.7 | 84.38.129.21 |
| Jul 26, 2024 09:12:10.803549051 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.803637981 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.803675890 CEST | 49699 | 1912 | 192.168.2.7 | 84.38.129.21 |
| Jul 26, 2024 09:12:10.803680897 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.803689957 CEST | 49699 | 1912 | 192.168.2.7 | 84.38.129.21 |
| Jul 26, 2024 09:12:10.803738117 CEST | 49699 | 1912 | 192.168.2.7 | 84.38.129.21 |
| Jul 26, 2024 09:12:10.810000896 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.810024023 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.810082912 CEST | 49699 | 1912 | 192.168.2.7 | 84.38.129.21 |
| Jul 26, 2024 09:12:10.810127020 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.810137033 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.810153961 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.810164928 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.810187101 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.810194016 CEST | 49699 | 1912 | 192.168.2.7 | 84.38.129.21 |
| Jul 26, 2024 09:12:10.810205936 CEST | 49699 | 1912 | 192.168.2.7 | 84.38.129.21 |
| Jul 26, 2024 09:12:10.810235977 CEST | 49699 | 1912 | 192.168.2.7 | 84.38.129.21 |
| Jul 26, 2024 09:12:10.810425997 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.810519934 CEST | 49699 | 1912 | 192.168.2.7 | 84.38.129.21 |
| Jul 26, 2024 09:12:10.810909986 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.810986996 CEST | 49699 | 1912 | 192.168.2.7 | 84.38.129.21 |
| Jul 26, 2024 09:12:10.816042900 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.816098928 CEST | 49699 | 1912 | 192.168.2.7 | 84.38.129.21 |
| Jul 26, 2024 09:12:10.816337109 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.816395998 CEST | 49699 | 1912 | 192.168.2.7 | 84.38.129.21 |
| Jul 26, 2024 09:12:10.816462994 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.816504002 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.816530943 CEST | 49699 | 1912 | 192.168.2.7 | 84.38.129.21 |
| Jul 26, 2024 09:12:10.816560030 CEST | 49699 | 1912 | 192.168.2.7 | 84.38.129.21 |
| Jul 26, 2024 09:12:10.817903996 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.817960978 CEST | 49699 | 1912 | 192.168.2.7 | 84.38.129.21 |
| Jul 26, 2024 09:12:10.818147898 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.818205118 CEST | 49699 | 1912 | 192.168.2.7 | 84.38.129.21 |
| Jul 26, 2024 09:12:10.818223953 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.818279982 CEST | 49699 | 1912 | 192.168.2.7 | 84.38.129.21 |
| Jul 26, 2024 09:12:10.818281889 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.818331003 CEST | 49699 | 1912 | 192.168.2.7 | 84.38.129.21 |
| Jul 26, 2024 09:12:10.818367004 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.818447113 CEST | 49699 | 1912 | 192.168.2.7 | 84.38.129.21 |
| Jul 26, 2024 09:12:10.821445942 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.821460009 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.821472883 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.821485996 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.821496010 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.821508884 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.821510077 CEST | 49699 | 1912 | 192.168.2.7 | 84.38.129.21 |
| Jul 26, 2024 09:12:10.821521044 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.821527958 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.821537971 CEST | 49699 | 1912 | 192.168.2.7 | 84.38.129.21 |
| Jul 26, 2024 09:12:10.821542025 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.821553946 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.821563959 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.821574926 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.821607113 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.821619034 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.821625948 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.821755886 CEST | 49699 | 1912 | 192.168.2.7 | 84.38.129.21 |
| Jul 26, 2024 09:12:10.822815895 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.822825909 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.822873116 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.822890997 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.822901011 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.822915077 CEST | 49699 | 1912 | 192.168.2.7 | 84.38.129.21 |
| Jul 26, 2024 09:12:10.822916985 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.822926998 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.822941065 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.822943926 CEST | 49699 | 1912 | 192.168.2.7 | 84.38.129.21 |
| Jul 26, 2024 09:12:10.822961092 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.822967052 CEST | 49699 | 1912 | 192.168.2.7 | 84.38.129.21 |
| Jul 26, 2024 09:12:10.822971106 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.822983980 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.822997093 CEST | 49699 | 1912 | 192.168.2.7 | 84.38.129.21 |
| Jul 26, 2024 09:12:10.823008060 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.823015928 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.823030949 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.823031902 CEST | 49699 | 1912 | 192.168.2.7 | 84.38.129.21 |
| Jul 26, 2024 09:12:10.823038101 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.823054075 CEST | 49699 | 1912 | 192.168.2.7 | 84.38.129.21 |
| Jul 26, 2024 09:12:10.823060989 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.823076010 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.823096037 CEST | 49699 | 1912 | 192.168.2.7 | 84.38.129.21 |
| Jul 26, 2024 09:12:10.823102951 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.829910040 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.829988956 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.829993010 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.830192089 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.830200911 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.830216885 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.830228090 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.830240965 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.830248117 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.830271959 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.830285072 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.830298901 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.830324888 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.830337048 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.830427885 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.830440044 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.830457926 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.830466032 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.830490112 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.830502987 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.830560923 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.830569983 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.830648899 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.830702066 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.830782890 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.830815077 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.830836058 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.830879927 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.830982924 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.830991983 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.831008911 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.831011057 CEST | 49699 | 1912 | 192.168.2.7 | 84.38.129.21 |
| Jul 26, 2024 09:12:10.831020117 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.831101894 CEST | 49699 | 1912 | 192.168.2.7 | 84.38.129.21 |
| Jul 26, 2024 09:12:10.831114054 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.831125975 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.831351995 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.831366062 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.831381083 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.831393003 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.831410885 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.831425905 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.831552982 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.831576109 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.831744909 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.831758976 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.831851006 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.831862926 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.831959963 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.831971884 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.832010031 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.832021952 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.832072973 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.832086086 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.832097054 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.832117081 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.832130909 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.832206964 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.832272053 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.832283974 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.832350969 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.832434893 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.832447052 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.832470894 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.832530975 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.832540035 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.832591057 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.832602024 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.832667112 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.832679987 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.832899094 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.832911968 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.832957983 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.832972050 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.833017111 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.833029032 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.833055973 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.833065033 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.833100080 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.833381891 CEST | 49699 | 1912 | 192.168.2.7 | 84.38.129.21 |
| Jul 26, 2024 09:12:10.833453894 CEST | 49699 | 1912 | 192.168.2.7 | 84.38.129.21 |
| Jul 26, 2024 09:12:10.836144924 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.836220026 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.836335897 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.836344957 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.836359024 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.836368084 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.836544991 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.836555004 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.836569071 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.836579084 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.836592913 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.836611986 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.836620092 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.836636066 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.836803913 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.836812973 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.836828947 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.836837053 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.836863041 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.836874008 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.836886883 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.836896896 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.836947918 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.837217093 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.837225914 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.837246895 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.837253094 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.837255001 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.837259054 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.837275028 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.837285042 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.837297916 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.837320089 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.837330103 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.837342978 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.837351084 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.837366104 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.837440968 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.837452888 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.837464094 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.837477922 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.837488890 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.837587118 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.837596893 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.837614059 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.837622881 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.838474035 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.838486910 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.838499069 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.838512897 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.838522911 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.838535070 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.838550091 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.838551998 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.838553905 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.838726997 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.838736057 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.838754892 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.838767052 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.838778973 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.838788986 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.838792086 CEST | 49699 | 1912 | 192.168.2.7 | 84.38.129.21 |
| Jul 26, 2024 09:12:10.838845968 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.838850975 CEST | 49699 | 1912 | 192.168.2.7 | 84.38.129.21 |
| Jul 26, 2024 09:12:10.838860035 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.838875055 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.838882923 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.838907957 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.838916063 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.838965893 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.839030027 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.839041948 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.839056015 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.839097977 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.839109898 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.839157104 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.839215040 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.839226961 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.839632034 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.839641094 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.839644909 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.839648008 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.839652061 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.839654922 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.839658022 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.839660883 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.839664936 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.839874983 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.839888096 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.839901924 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.839912891 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.839924097 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.839939117 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.839951992 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.839961052 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.839973927 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.839987993 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.841525078 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.841536999 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.841551065 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.841558933 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.841576099 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.841586113 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.841598988 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.841609001 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.841624975 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.841635942 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.841667891 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.844469070 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.844477892 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.844568968 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.844578028 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.844594002 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.844610929 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.844624043 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.844717979 CEST | 49699 | 1912 | 192.168.2.7 | 84.38.129.21 |
| Jul 26, 2024 09:12:10.844719887 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.844734907 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.844750881 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.844763041 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.844794035 CEST | 49699 | 1912 | 192.168.2.7 | 84.38.129.21 |
| Jul 26, 2024 09:12:10.844808102 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.844824076 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.845254898 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.845263958 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.845277071 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.845284939 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.845298052 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.845309019 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.845381975 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.845392942 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.845400095 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.845411062 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.845433950 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.845444918 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.845453024 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.845467091 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.845474005 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.845485926 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.845496893 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.845509052 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.845518112 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.845531940 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.845539093 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.845554113 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.845561981 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.845577955 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.845607996 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.845608950 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.845612049 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.845823050 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.845833063 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.845848083 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.845855951 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.845870018 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.845876932 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.845889091 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.845896006 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.845910072 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.845935106 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.845946074 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.845952988 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.846194983 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.852437973 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.852458000 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.852466106 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.852492094 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.852499962 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.852505922 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.852525949 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.852718115 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.852725983 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.852740049 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.852757931 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.852767944 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.852780104 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.852858067 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.852936029 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.852947950 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.852988005 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.852998972 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.853044033 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.853055954 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.853101015 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.853111982 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.853172064 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.853182077 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.853199005 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.853276014 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.853286982 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.853318930 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.853332996 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.853369951 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.853389978 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.853450060 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.854337931 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.854389906 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.854454994 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.854473114 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.854491949 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.854537010 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.854563951 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.854600906 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.854691029 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.854705095 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.854716063 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.854914904 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.854928017 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.854938984 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.854953051 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.854960918 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.855319977 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.855329037 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.855344057 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.855359077 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.855366945 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.857420921 CEST | 49699 | 1912 | 192.168.2.7 | 84.38.129.21 |
| Jul 26, 2024 09:12:10.857486963 CEST | 49699 | 1912 | 192.168.2.7 | 84.38.129.21 |
| Jul 26, 2024 09:12:10.862359047 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.862369061 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.862488985 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.862495899 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.862509012 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.862518072 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.862565994 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.862574100 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.862601995 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.862610102 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.862673998 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.862685919 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.862709045 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.862720966 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.862771988 CEST | 49699 | 1912 | 192.168.2.7 | 84.38.129.21 |
| Jul 26, 2024 09:12:10.862792015 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.862804890 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.862840891 CEST | 49699 | 1912 | 192.168.2.7 | 84.38.129.21 |
| Jul 26, 2024 09:12:10.862860918 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.862873077 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.864384890 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.864393950 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.864411116 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.864418983 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.864434958 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.864443064 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.864459991 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.864470959 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.864485979 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.864507914 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.864514112 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.864527941 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.864535093 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.864548922 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.864557981 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.864568949 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.864576101 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.895570040 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.895790100 CEST | 49699 | 1912 | 192.168.2.7 | 84.38.129.21 |
| Jul 26, 2024 09:12:10.895873070 CEST | 49699 | 1912 | 192.168.2.7 | 84.38.129.21 |
| Jul 26, 2024 09:12:10.895873070 CEST | 49699 | 1912 | 192.168.2.7 | 84.38.129.21 |
| Jul 26, 2024 09:12:10.895936012 CEST | 49699 | 1912 | 192.168.2.7 | 84.38.129.21 |
| Jul 26, 2024 09:12:10.900923967 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.901062965 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.901221991 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.901253939 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.901349068 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.901362896 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.901416063 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.901427031 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.901470900 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.901484013 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.901526928 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.901537895 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.901619911 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.901628017 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.901873112 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.901886940 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.901958942 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.901968002 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.902048111 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.902060986 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.902105093 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.902112961 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.902198076 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.902206898 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.902241945 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.902251005 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.930143118 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.930313110 CEST | 49699 | 1912 | 192.168.2.7 | 84.38.129.21 |
| Jul 26, 2024 09:12:10.935456038 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.935472012 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.935570002 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.935581923 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.935607910 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.935653925 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.935705900 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.935714006 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.935774088 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.935801983 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:10.935900927 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:11.660139084 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:11.660866976 CEST | 49699 | 1912 | 192.168.2.7 | 84.38.129.21 |
| Jul 26, 2024 09:12:11.666783094 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:11.838006973 CEST | 1912 | 49699 | 84.38.129.21 | 192.168.2.7 |
| Jul 26, 2024 09:12:11.875495911 CEST | 49699 | 1912 | 192.168.2.7 | 84.38.129.21 |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
| Target ID: | 0 |
| Start time: | 03:12:00 |
| Start date: | 26/07/2024 |
| Path: | C:\Users\user\Desktop\Bankcopyscanneddoc.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x710000 |
| File size: | 307'712 bytes |
| MD5 hash: | 901969F80ACF800E522C7E2E73840E22 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | low |
| Has exited: | true |
Execution Graph
| Execution Coverage: | 12.6% |
| Dynamic/Decrypted Code Coverage: | 100% |
| Signature Coverage: | 0% |
| Total number of Nodes: | 150 |
| Total number of Limit Nodes: | 14 |
Graph
Function 07964B00 Relevance: 5.5, Strings: 4, Instructions: 496COMMON
Download Yara Rule
Control-flow Graph
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 079615A0 Relevance: 2.8, Strings: 2, Instructions: 304COMMON
Download Yara Rule
Control-flow Graph
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04FFEE58 Relevance: 2.5, Strings: 1, Instructions: 1231COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 07962718 Relevance: 1.8, Strings: 1, Instructions: 525COMMON
Download Yara Rule
Control-flow Graph
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 07965BF0 Relevance: 1.4, Strings: 1, Instructions: 181COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 07963828 Relevance: .4, Instructions: 400COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 07966418 Relevance: .4, Instructions: 363COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 07969C38 Relevance: .3, Instructions: 332COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 079620D8 Relevance: .3, Instructions: 332COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 07960E48 Relevance: .3, Instructions: 309COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04FF8840 Relevance: .3, Instructions: 293COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04FF8850 Relevance: .3, Instructions: 289COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 079632C0 Relevance: .3, Instructions: 286COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 07960040 Relevance: .3, Instructions: 276COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 07964270 Relevance: .2, Instructions: 232COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 079620CA Relevance: .2, Instructions: 226COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 07964260 Relevance: .1, Instructions: 101COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0109AE30 Relevance: 1.7, APIs: 1, Instructions: 199COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04FF1CE4 Relevance: 1.6, APIs: 1, Instructions: 118COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04FF0AA8 Relevance: 1.6, APIs: 1, Instructions: 116COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 01095935 Relevance: 1.6, APIs: 1, Instructions: 97COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04FF0BFC Relevance: 1.6, APIs: 1, Instructions: 97COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 01094248 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0109C9A0 Relevance: 1.6, APIs: 1, Instructions: 65COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0109D2F9 Relevance: 1.6, APIs: 1, Instructions: 64COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0109B2A0 Relevance: 1.6, APIs: 1, Instructions: 57libraryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0109A870 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0109B020 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 07967D10 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 07968D38 Relevance: 1.5, APIs: 1, Instructions: 46windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0103D654 Relevance: .1, Instructions: 77COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0103D3D8 Relevance: .1, Instructions: 75COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0104D01C Relevance: .1, Instructions: 72COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0104D006 Relevance: .1, Instructions: 63COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0103D64F Relevance: .1, Instructions: 58COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0103D3D3 Relevance: .1, Instructions: 56COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0103D9B1 Relevance: .0, Instructions: 45COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0103D9B0 Relevance: .0, Instructions: 36COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04FF0040 Relevance: .3, Instructions: 315COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0109DC74 Relevance: .3, Instructions: 264COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 04FF003C Relevance: .2, Instructions: 217COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 07964AF6 Relevance: .1, Instructions: 145COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 079632AF Relevance: .1, Instructions: 88COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 07960E37 Relevance: .1, Instructions: 86COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 07963000 Relevance: .0, Instructions: 25COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|