Windows
Analysis Report
TvfkTdK16A.exe
Overview
General Information
Sample name: | TvfkTdK16A.exe (renamed because original name is a hash value) |
Original sample name: | 204b989b2d91e1283fe6c42ac5ded27b.exe |
Analysis ID: | 1483366 |
MD5: | 204b989b2d91e1283fe6c42ac5ded27b |
SHA1: | 97070ba4ac2db42069e2e759590abe8f9aae166f |
SHA256: | 06dc28cd7bc98e05437352f0a38decb3644ade27db6522435395f02823ca5f0f |
Tags: | exe, RedLineStealer |
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
TvfkTdK16A.exe (PID: 7420 cmdline: "C:\Users\user\Desktop\TvfkTdK16A.exe" MD5: 204B989B2D91E1283FE6C42AC5DED27B)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
RedLine Stealer | RedLine Stealer is a malware available on underground forums for sale apparently as a standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer. | No Attribution |
{"C2 url": ["52.143.157.240:1912"], "Bot Id": "Nigas", "Authorization Header": "c74790bd166600f1f665c8ce201776eb"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_RedLine_1 | Yara detected RedLine Stealer | Joe Security | ||
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
Timestamp: | 2024-07-27T04:12:04.479163+0200 |
SID: | 2043231 |
Source Port: | 49730 |
Destination Port: | 1912 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 2024-07-27T04:11:59.332771+0200 |
SID: | 2043234 |
Source Port: | 1912 |
Destination Port: | 49730 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 2024-07-27T04:12:06.747708+0200 |
SID: | 2043231 |
Source Port: | 49730 |
Destination Port: | 1912 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 2024-07-27T04:11:59.153271+0200 |
SID: | 2046045 |
Source Port: | 49730 |
Destination Port: | 1912 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 2024-07-27T04:12:04.657802+0200 |
SID: | 2046056 |
Source Port: | 1912 |
Destination Port: | 49730 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 2024-07-27T04:12:06.533640+0200 |
SID: | 2043231 |
Source Port: | 49730 |
Destination Port: | 1912 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
AV Detection |
---|
Source: | Avira: |
Source: | Malware Configuration Extractor: |
Source: | ReversingLabs: | |||
Source: | Virustotal: | Perma Link |
Source: | Integrated Neural Analysis Model: |
Source: | Joe Sandbox ML: |
Source: | Static PE information: |
Networking |
---|
Source: | URLs: |
Source: | TCP traffic: |
Source: | ASN Name: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | String found in binary or memory: | ||
Source: | Code function: | 0_2_0156DC74 | |
Source: | Code function: | 0_2_055CEE58 | |
Source: | Code function: | 0_2_055C8850 | |
Source: | Code function: | 0_2_055C0040 | |
Source: | Code function: | 0_2_055C0006 | |
Source: | Code function: | 0_2_055C8840 |
Source: | Binary or memory string: | ||
Source: | Static PE information: |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | Mutant created: |
Source: | Static PE information: |
Source: | Static file information: |
Source: | WMI Queries: | ||
Source: | Key opened: | Jump to behavior |
Source: | ReversingLabs: | ||
Source: | Virustotal: |
Source: | Section loaded: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Source: | Static PE information: |
Source: | Code function: | 0_2_055CD451 |
Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion |
---|
Source: | WMI Queries: |
Source: | Memory allocated: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | Thread sleep time: | Jump to behavior | ||
Source: | WMI Queries: |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Binary or memory string: |
Source: | Process information queried: | Jump to behavior |
Source: | Process token adjusted: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Source: | Binary or memory string: |
Source: | WMI Queries: | ||
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File opened: | Jump to behavior | ||
Source: | File source: | ||
Remote Access Functionality |
---|
Source: | File source: | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 221 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Masquerading | 1 OS Credential Dumping | 231 Security Software Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Disable or Modify Tools | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | 2 Data from Local System | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 241 Virtualization/Sandbox Evasion | Security Account Manager | 241 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Timestomp | LSA Secrets | 113 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
92% | ReversingLabs | Win32.Ransomware.RedLine | ||
77% | Virustotal | Browse | ||
100% | Avira | TR/AD.RedLineSteal.mppaj | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown | ||
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
52.143.157.240 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | true |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1483366 |
Start date and time: | 2024-07-27 04:11:06 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 2m 38s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 1 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | TvfkTdK16A.exe (renamed because original name is a hash value) |
Original Sample Name: | 204b989b2d91e1283fe6c42ac5ded27b.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@1/1@0/1 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Report size getting too big, too many NtAllocateVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
Time | Type | Description |
---|---|---|
22:12:04 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
MICROSOFT-CORP-MSN-AS-BLOCKUS | | | malicious | Python Stealer, Amadey, Monster Stealer, RedLine, Stealc, Vidar | | |
| | | malicious | Unknown | | |
| | | malicious | Unknown | | |
| | | malicious | Unknown | | |
| | | malicious | HTMLPhisher | | |
| | | malicious | Unknown | | |
| | | malicious | Unknown | | |
| | | malicious | MicroClip | | |
| | | malicious | MicroClip | | |
| | | malicious | Babadeda | | |
Process: | C:\Users\user\Desktop\TvfkTdK16A.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3094 |
Entropy (8bit): | 5.33145931749415 |
Encrypted: | false |
SSDEEP: | 96:Pq5qHwCYqh3oPtI6eqzxP0aymTqdqlq7qqjqcEZ5D:Pq5qHwCYqh3qtI6eqzxP0atTqdqlq7qV |
MD5: | 3FD5C0634443FB2EF2796B9636159CB6 |
SHA1: | 366DDE94AEFCFFFAB8E03AD8B448E05D7489EB48 |
SHA-256: | 58307E94C67E2348F5A838DE4FF668983B38B7E9A3B1D61535D3A392814A57D6 |
SHA-512: | 8535E7C0777C6B0876936D84BDE2BDC59963CF0954D4E50D65808E6E806E8B131DF5DB8FA0E030FAE2702143A7C3A70698A2B9A80519C9E2FFC286A71F0B797C |
Malicious: | true |
Reputation: | high, very likely benign file |
Preview: |
File type: | |
Entropy (8bit): | 5.0813190261774706 |
TrID: |
|
File name: | TvfkTdK16A.exe |
File size: | 307'712 bytes |
MD5: | 204b989b2d91e1283fe6c42ac5ded27b |
SHA1: | 97070ba4ac2db42069e2e759590abe8f9aae166f |
SHA256: | 06dc28cd7bc98e05437352f0a38decb3644ade27db6522435395f02823ca5f0f |
SHA512: | db80c08b2626ae01bab470a4d8d68d0a9e401498dc7155cd0769f66b99b615f168225405d106e430bc999d0536c58a8e450bca63217213a80ca1a275e4ea8ee8 |
SSDEEP: | 3072:GcZqf7D34cp/0+mAYkygYdQ0ghnB1fA0PuTVAtkxz63R4eqiOL2bBOA:GcZqf7DIknGapB1fA0GTV8kMYL |
TLSH: | 1B645A5833E8C910DA7F4775D861D67093B0BCA3A552E70B4FC4ACAB3D32740EA51AB6 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....H(...............0.................. ... ....@.. ....................... ............@................................ |
Icon Hash: | 4d8ea38d85a38e6d |
Entrypoint: | 0x43028e |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0xD22848DC [Tue Sep 23 12:17:32 2081 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Instruction |
---|
jmp dword ptr [00402000h] |
add byte ptr [eax], al |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x30240 | 0x4b | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x32000 | 0x1c9c6 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x50000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0x2e294 | 0x2e400 | ff778ae75566f0ce18fa235246658a99 | False | 0.4747730152027027 | data | 6.1861189976198245 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rsrc | 0x32000 | 0x1c9c6 | 0x1ca00 | a8cf3f8ff27a4a736ba8fb433d91107f | False | 0.2380765556768559 | data | 2.615031395625776 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x50000 | 0xc | 0x200 | 21472a05bd31cf3b960b3bcc0808216b | False | 0.044921875 | data | 0.08153941234324169 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0x32220 | 0x3d04 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | 0.9934058898847631 | ||
RT_ICON | 0x35f24 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 2835 x 2835 px/m | 0.09013072282030049 | ||
RT_ICON | 0x4674c | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16384, resolution 2835 x 2835 px/m | 0.13905290505432216 | ||
RT_ICON | 0x4a974 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2835 x 2835 px/m | 0.17033195020746889 | ||
RT_ICON | 0x4cf1c | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2835 x 2835 px/m | 0.2045028142589118 | ||
RT_ICON | 0x4dfc4 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2835 x 2835 px/m | 0.24645390070921985 | ||
RT_GROUP_ICON | 0x4e42c | 0x5a | data | 0.7666666666666667 | ||
RT_VERSION | 0x4e488 | 0x352 | data | 0.4447058823529412 | ||
RT_MANIFEST | 0x4e7dc | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | 0.5489795918367347 |
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Timestamp | Protocol | SID | Signature | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
2024-07-27T04:12:04.479163+0200 | TCP | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 49730 | 1912 | 192.168.2.4 | 52.143.157.240 |
2024-07-27T04:11:59.332771+0200 | TCP | 2043234 | ET MALWARE Redline Stealer TCP CnC - Id1Response | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
2024-07-27T04:12:06.747708+0200 | TCP | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 49730 | 1912 | 192.168.2.4 | 52.143.157.240 |
2024-07-27T04:11:59.153271+0200 | TCP | 2046045 | ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) | 49730 | 1912 | 192.168.2.4 | 52.143.157.240 |
2024-07-27T04:12:04.657802+0200 | TCP | 2046056 | ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
2024-07-27T04:12:06.533640+0200 | TCP | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 49730 | 1912 | 192.168.2.4 | 52.143.157.240 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jul 27, 2024 04:12:05.758464098 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.758522987 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.758536100 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.758548021 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.758570910 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.758584023 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.758625031 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.758681059 CEST | 49730 | 1912 | 192.168.2.4 | 52.143.157.240 |
Jul 27, 2024 04:12:05.758764029 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.758824110 CEST | 49730 | 1912 | 192.168.2.4 | 52.143.157.240 |
Jul 27, 2024 04:12:05.758833885 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.758847952 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.758915901 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.758928061 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.758965969 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.758989096 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.759002924 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.759013891 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.759074926 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.759087086 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.759108067 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.759124994 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.759144068 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.759157896 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.759202003 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.759213924 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.759248018 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.759259939 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.759319067 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.759330988 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.759373903 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.759387016 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.759408951 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.759421110 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.759433031 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.759464979 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.759475946 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.759486914 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.759510994 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.759814024 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.759825945 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.759846926 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.759857893 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.759923935 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.759936094 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.759962082 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.759974003 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.760030985 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.760042906 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.760062933 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.760075092 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.760097027 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.760108948 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.760121107 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.765145063 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.765275955 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.765362024 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.765388012 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.765387058 CEST | 49730 | 1912 | 192.168.2.4 | 52.143.157.240 |
Jul 27, 2024 04:12:05.765414000 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.765444994 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.765471935 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.765527010 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.765528917 CEST | 49730 | 1912 | 192.168.2.4 | 52.143.157.240 |
Jul 27, 2024 04:12:05.765594006 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.765639067 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.765898943 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.765927076 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.765971899 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.765997887 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.766046047 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.766072989 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.766124010 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.766154051 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.766179085 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.766205072 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.766611099 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.766637087 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.766704082 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.766730070 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.766756058 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.766782045 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.766808033 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.766834974 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.766880989 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.766906977 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.766936064 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.766998053 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.767138958 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.767214060 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.767241001 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.767287016 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.767313957 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.767359018 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.767385960 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.767432928 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.767458916 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.767505884 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.767533064 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.767601013 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.767627954 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.767653942 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.767679930 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.767707109 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.767733097 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.767759085 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.767782927 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.767829895 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.767855883 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.773036003 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.773049116 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.773102999 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.773114920 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.773127079 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.773139000 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.773159981 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.773171902 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.773183107 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.773195028 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.773230076 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.773241997 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.773253918 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.773266077 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.773277044 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.773288965 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.773294926 CEST | 49730 | 1912 | 192.168.2.4 | 52.143.157.240 |
Jul 27, 2024 04:12:05.773309946 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.773323059 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.773346901 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.773360014 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.773380995 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.773395061 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.773396015 CEST | 49730 | 1912 | 192.168.2.4 | 52.143.157.240 |
Jul 27, 2024 04:12:05.773427010 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.773437977 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.773485899 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.773500919 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.773554087 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.773565054 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.773621082 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.773632050 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.773701906 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.773714066 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.773767948 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.773780107 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.773801088 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.773816109 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.773876905 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.773896933 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.773952007 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.773999929 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.774044991 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.774729967 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.774777889 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.774910927 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.775219917 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.775232077 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.775244951 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.775389910 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.775403023 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.775553942 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.775615931 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.775629044 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.775643110 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.779947996 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.779958963 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.779979944 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.779992104 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.780011892 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.780023098 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.780092955 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.780105114 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.780144930 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.780165911 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.780180931 CEST | 49730 | 1912 | 192.168.2.4 | 52.143.157.240 |
Jul 27, 2024 04:12:05.780232906 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.780245066 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.780257940 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.780303955 CEST | 49730 | 1912 | 192.168.2.4 | 52.143.157.240 |
Jul 27, 2024 04:12:05.780373096 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.780385971 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.780397892 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.780410051 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.780421972 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.780432940 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.780563116 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.780574083 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.780585051 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.780628920 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.780669928 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.780690908 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.780764103 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.822554111 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.822799921 CEST | 49730 | 1912 | 192.168.2.4 | 52.143.157.240 |
Jul 27, 2024 04:12:05.822953939 CEST | 49730 | 1912 | 192.168.2.4 | 52.143.157.240 |
Jul 27, 2024 04:12:05.822953939 CEST | 49730 | 1912 | 192.168.2.4 | 52.143.157.240 |
Jul 27, 2024 04:12:05.823048115 CEST | 49730 | 1912 | 192.168.2.4 | 52.143.157.240 |
Jul 27, 2024 04:12:05.827943087 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.827956915 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.827977896 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.827990055 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.828064919 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.828077078 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.828088045 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.828111887 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.828135014 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.828147888 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.828160048 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.828171015 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.828217030 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.828228951 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.828243017 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.828294992 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.828337908 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.828351021 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.828413010 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.828423977 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.828447104 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.828459024 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.828510046 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:05.858406067 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:06.533020020 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:06.533639908 CEST | 49730 | 1912 | 192.168.2.4 | 52.143.157.240 |
Jul 27, 2024 04:12:06.538609028 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:06.710937023 CEST | 1912 | 49730 | 52.143.157.240 | 192.168.2.4 |
Jul 27, 2024 04:12:06.747708082 CEST | 49730 | 1912 | 192.168.2.4 | 52.143.157.240 |
Target ID: | 0 |
Start time: | 22:11:57 |
Start date: | 26/07/2024 |
Path: | C:\Users\user\Desktop\TvfkTdK16A.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xcc0000 |
File size: | 307'712 bytes |
MD5 hash: | 204B989B2D91E1283FE6C42AC5DED27B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | low |
Has exited: | true |
Execution Graph
Execution Coverage: | 9.1% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0% |
Total number of Nodes: | 81 |
Total number of Limit Nodes: | 7 |
Graph
Function 055CEE58 Relevance: 2.5, Strings: 1, Instructions: 1235 COMMON
Function 055C8840 Relevance: .3, Instructions: 292 COMMON
Function 055C8850 Relevance: .3, Instructions: 289 COMMON
Function 0156AE30 Relevance: 1.7, APIs: 1, Instructions: 207 COMMON
Function 01565935 Relevance: 1.6, APIs: 1, Instructions: 97 COMMON
Function 055C0BFC Relevance: 1.6, APIs: 1, Instructions: 97 COMMON
Function 01564248 Relevance: 1.6, APIs: 1, Instructions: 96 COMMON
Function 0156C9A0 Relevance: 1.6, APIs: 1, Instructions: 65 COMMON
Function 0156D2F9 Relevance: 1.6, APIs: 1, Instructions: 62 COMMON
Function 0156A870 Relevance: 1.6, APIs: 1, Instructions: 55 library COMMON
Function 0156B2A0 Relevance: 1.6, APIs: 1, Instructions: 55 library COMMON
Function 0156B020 Relevance: 1.5, APIs: 1, Instructions: 47 COMMON
Function 0150D3D8 Relevance: .1, Instructions: 75 COMMON
Function 0151D01C Relevance: .1, Instructions: 72 COMMON
Function 0151D006 Relevance: .1, Instructions: 62 COMMON
Function 0150D3D3 Relevance: .1, Instructions: 56 COMMON
Function 0150DA81 Relevance: .0, Instructions: 45 COMMON
Function 0150DA80 Relevance: .0, Instructions: 36 COMMON
Function 055C0040 Relevance: .3, Instructions: 315 COMMON
Function 0156DC74 Relevance: .3, Instructions: 264 COMMON
Function 055C0006 Relevance: .2, Instructions: 240 COMMON