Windows
Analysis Report
nuCc19sDOl.exe
Overview
General Information
Sample name: | nuCc19sDOl.exerenamed because original name is a hash value |
Original sample name: | 01e059b3901bd579fb8ea4ebc34009f9.exe |
Analysis ID: | 1483425 |
MD5: | 01e059b3901bd579fb8ea4ebc34009f9 |
SHA1: | 19b0a2db06db2afbef2b95221d2c11fe4107aa43 |
SHA256: | 05e5cab97709be490b7216163e29d326f43d4f273bdfccf93a485212064b4aca |
Tags: | exeRedLineStealer |
Infos: | |
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- nuCc19sDOl.exe (PID: 6652 cmdline:
"C:\Users\ user\Deskt op\nuCc19s DOl.exe" MD5: 01E059B3901BD579FB8EA4EBC34009F9) - conhost.exe (PID: 6672 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D) - MSBuild.exe (PID: 6864 cmdline:
"C:\Window s\Microsof t.NET\Fram ework\v4.0 .30319\MSB uild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
RedLine Stealer | RedLine Stealer is a malware available on underground forums for sale apparently as a standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer. | No Attribution |
{"C2 url": "5.42.92.213:46419", "Bot Id": "478596", "Authorization Header": "d409ddacd5400779d74f75370da84208"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_RedLine_1 | Yara detected RedLine Stealer | Joe Security | ||
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
Click to see the 4 entries |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
Timestamp: | 2024-07-27T12:12:06.512543+0200 |
SID: | 2043231 |
Source Port: | 49730 |
Destination Port: | 46419 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 2024-07-27T12:12:55.686346+0200 |
SID: | 2022930 |
Source Port: | 443 |
Destination Port: | 49737 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 2024-07-27T12:12:06.733994+0200 |
SID: | 2043231 |
Source Port: | 49730 |
Destination Port: | 46419 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 2024-07-27T12:12:09.445963+0200 |
SID: | 2043231 |
Source Port: | 49730 |
Destination Port: | 46419 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 2024-07-27T12:12:06.259979+0200 |
SID: | 2043231 |
Source Port: | 49730 |
Destination Port: | 46419 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 2024-07-27T12:12:11.913475+0200 |
SID: | 2043231 |
Source Port: | 49730 |
Destination Port: | 46419 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 2024-07-27T12:12:00.321853+0200 |
SID: | 2043234 |
Source Port: | 46419 |
Destination Port: | 49730 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 2024-07-27T12:12:06.963750+0200 |
SID: | 2043231 |
Source Port: | 49730 |
Destination Port: | 46419 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 2024-07-27T12:12:09.826085+0200 |
SID: | 2043231 |
Source Port: | 49730 |
Destination Port: | 46419 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 2024-07-27T12:12:09.188597+0200 |
SID: | 2043231 |
Source Port: | 49730 |
Destination Port: | 46419 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 2024-07-27T12:12:11.052524+0200 |
SID: | 2043231 |
Source Port: | 49730 |
Destination Port: | 46419 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 2024-07-27T12:12:08.253192+0200 |
SID: | 2043231 |
Source Port: | 49730 |
Destination Port: | 46419 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 2024-07-27T12:12:09.726434+0200 |
SID: | 2043231 |
Source Port: | 49730 |
Destination Port: | 46419 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 2024-07-27T12:12:10.122926+0200 |
SID: | 2043231 |
Source Port: | 49730 |
Destination Port: | 46419 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 2024-07-27T12:12:05.370389+0200 |
SID: | 2043231 |
Source Port: | 49730 |
Destination Port: | 46419 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 2024-07-27T12:12:06.037205+0200 |
SID: | 2043231 |
Source Port: | 49730 |
Destination Port: | 46419 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 2024-07-27T12:12:07.886941+0200 |
SID: | 2043231 |
Source Port: | 49730 |
Destination Port: | 46419 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 2024-07-27T12:12:17.533976+0200 |
SID: | 2022930 |
Source Port: | 443 |
Destination Port: | 49731 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 2024-07-27T12:12:05.827728+0200 |
SID: | 2046056 |
Source Port: | 46419 |
Destination Port: | 49730 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 2024-07-27T12:12:08.755787+0200 |
SID: | 2043231 |
Source Port: | 49730 |
Destination Port: | 46419 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 2024-07-27T12:12:08.971532+0200 |
SID: | 2043231 |
Source Port: | 49730 |
Destination Port: | 46419 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 2024-07-27T12:12:05.822240+0200 |
SID: | 2043231 |
Source Port: | 49730 |
Destination Port: | 46419 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 2024-07-27T12:12:12.155240+0200 |
SID: | 2043231 |
Source Port: | 49730 |
Destination Port: | 46419 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 2024-07-27T12:12:11.480008+0200 |
SID: | 2043231 |
Source Port: | 49730 |
Destination Port: | 46419 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 2024-07-27T12:12:10.128355+0200 |
SID: | 2043231 |
Source Port: | 49730 |
Destination Port: | 46419 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 2024-07-27T12:12:08.534683+0200 |
SID: | 2043231 |
Source Port: | 49730 |
Destination Port: | 46419 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 2024-07-27T12:12:11.270445+0200 |
SID: | 2043231 |
Source Port: | 49730 |
Destination Port: | 46419 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 2024-07-27T12:12:00.115561+0200 |
SID: | 2046045 |
Source Port: | 49730 |
Destination Port: | 46419 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 2024-07-27T12:12:11.697363+0200 |
SID: | 2043231 |
Source Port: | 49730 |
Destination Port: | 46419 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Click to jump to signature section
AV Detection |
---|
Source: | Avira: |
Source: | Malware Configuration Extractor: |
Source: | ReversingLabs: | |||
Source: | Virustotal: | Perma Link |
Source: | ReversingLabs: | |||
Source: | Virustotal: | Perma Link |
Source: | Integrated Neural Analysis Model: |
Source: | Joe Sandbox ML: |
Source: | Joe Sandbox ML: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Code function: | 2_2_06A00040 |
Networking |
---|
Source: | URLs: |
Source: | TCP traffic: |
Source: | ASN Name: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Network traffic detected: |
System Summary |
---|
Source: | Large array initialization: |
Source: | Code function: | 0_2_6CF575A0 |
Source: | Code function: | 0_2_6CF575A0 | |
Source: | Code function: | 0_2_6CF57A60 | |
Source: | Code function: | 0_2_6CF51230 | |
Source: | Code function: | 0_2_6CF650E0 | |
Source: | Code function: | 0_2_6CF70BB5 | |
Source: | Code function: | 0_2_6CF7EB17 | |
Source: | Code function: | 0_2_017B1070 | |
Source: | Code function: | 0_2_017B2528 | |
Source: | Code function: | 0_2_017B0972 | |
Source: | Code function: | 0_2_017B0927 | |
Source: | Code function: | 0_2_017B39F0 | |
Source: | Code function: | 0_2_017B39E0 | |
Source: | Code function: | 0_2_017B1053 | |
Source: | Code function: | 0_2_017B08DF | |
Source: | Code function: | 0_2_017B0A87 | |
Source: | Code function: | 0_2_017B2518 | |
Source: | Code function: | 0_2_017B0C40 | |
Source: | Code function: | 0_2_017B24E7 | |
Source: | Code function: | 0_2_017B2E70 | |
Source: | Code function: | 0_2_0AF04748 | |
Source: | Code function: | 0_2_0AF04388 | |
Source: | Code function: | 2_2_0261DC74 | |
Source: | Code function: | 2_2_04E68D28 | |
Source: | Code function: | 2_2_04E66948 | |
Source: | Code function: | 2_2_04E60040 | |
Source: | Code function: | 2_2_04E6001F | |
Source: | Code function: | 2_2_04E68D18 | |
Source: | Code function: | 2_2_06A0F358 | |
Source: | Code function: | 2_2_06A080C8 | |
Source: | Code function: | 2_2_06A00040 | |
Source: | Code function: | 2_2_06A02118 | |
Source: | Code function: | 2_2_06A02D28 | |
Source: | Code function: | 2_2_06A0BA20 |
Source: | Code function: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | Static PE information: |
Source: | Static file information: |
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Source: | Key opened: | Jump to behavior |
Source: | ReversingLabs: | ||
Source: | Virustotal: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: |
Data Obfuscation |
---|
Source: | .Net Code: |
Source: | Code function: | 0_2_6CF712F7 | |
Source: | Code function: | 0_2_6CF79181 | |
Source: | Code function: | 0_2_6CF7EB12 | |
Source: | Code function: | 0_2_0AEF071F | |
Source: | Code function: | 2_2_04E6D921 | |
Source: | Code function: | 2_2_06A0B89E | |
Source: | Code function: | 2_2_06A0B8E3 | |
Source: | Code function: | 2_2_06A0B92E | |
Source: | Code function: | 2_2_06A0B982 |
Source: | File created: | Jump to dropped file |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Malware Analysis System Evasion |
---|
Source: | File source: |
Source: | WMI Queries: |
Source: | WMI Queries: |
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | Dropped PE file which has not been started: | Jump to dropped file |
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | WMI Queries: |
Source: | Last function: |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Process information queried: | Jump to behavior |
Source: | Code function: | 0_2_6CF65FCA |
Source: | Code function: | 0_2_6CF6BD3B |
Source: | Process token adjusted: | Jump to behavior |
Source: | Code function: | 0_2_6CF65AF1 | |
Source: | Code function: | 0_2_6CF65FCA | |
Source: | Code function: | 0_2_6CF69F67 |
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Memory allocated: | Jump to behavior |
Source: | Code function: | 0_2_6CF57A60 |
Source: | Memory written: | Jump to behavior |
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior |
Source: | Process created: | Jump to behavior |
Source: | Code function: | 0_2_6CF66188 |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior |
Source: | Code function: | 0_2_6CF65C13 |
Source: | Key value queried: | Jump to behavior |
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 221 Windows Management Instrumentation | 1 DLL Side-Loading | 411 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 12 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 341 Security Software Discovery | Remote Desktop Protocol | 3 Data from Local System | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 241 Virtualization/Sandbox Evasion | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 11 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 411 Process Injection | NTDS | 241 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 3 Obfuscated Files or Information | Cached Domain Credentials | 124 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Software Packing | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
74% | ReversingLabs | ByteCode-MSIL.Ransomware.RedLine | ||
46% | Virustotal | Browse | ||
100% | Avira | HEUR/AGEN.1310947 | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Joe Sandbox ML | |||
88% | ReversingLabs | Win32.Trojan.LummaStealer | ||
73% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse | ||
0% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
bg.microsoft.map.fastly.net | 199.232.214.172 | true | false |
| unknown |
fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false |
| unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
5.42.92.213 | unknown | Russian Federation | 39493 | RU-KSTVKolomnaGroupofcompaniesGuarantee-tvRU | true |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1483425 |
Start date and time: | 2024-07-27 12:11:05 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 6m 47s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 8 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | nuCc19sDOl.exerenamed because original name is a hash value |
Original Sample Name: | 01e059b3901bd579fb8ea4ebc34009f9.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@4/3@0/1 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 20.114.59.183, 199.232.214.172, 192.229.221.95, 20.242.39.171, 52.165.164.15
- Excluded domains from analysis (whitelisted): fe3.delivery.mp.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, ctldl.windowsupdate.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtAllocateVirtualMemory calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
Time | Type | Description |
---|---|---|
06:12:06 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
fp2e7a.wpc.phicdn.net | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Remcos | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
bg.microsoft.map.fastly.net | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | DCRat | Browse |
| ||
Get hash | malicious | Remcos | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | CobaltStrike | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
RU-KSTVKolomnaGroupofcompaniesGuarantee-tvRU | Get hash | malicious | RedLine | Browse |
| |
Get hash | malicious | RisePro Stealer | Browse |
| ||
Get hash | malicious | RisePro Stealer | Browse |
| ||
Get hash | malicious | RedLine | Browse |
| ||
Get hash | malicious | Bdaejec, GCleaner | Browse |
| ||
Get hash | malicious | Bdaejec, GCleaner, Nymaim | Browse |
| ||
Get hash | malicious | EICAR | Browse |
| ||
Get hash | malicious | PureLog Stealer, RedLine | Browse |
| ||
Get hash | malicious | RisePro Stealer | Browse |
| ||
Get hash | malicious | RedLine | Browse |
|
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3094 |
Entropy (8bit): | 5.33145931749415 |
Encrypted: | false |
SSDEEP: | 96:Pq5qHwCYqh3oPtI6eqzxP0aymTqdqlq7qqjqcEZ5D:Pq5qHwCYqh3qtI6eqzxP0atTqdqlq7qV |
MD5: | 3FD5C0634443FB2EF2796B9636159CB6 |
SHA1: | 366DDE94AEFCFFFAB8E03AD8B448E05D7489EB48 |
SHA-256: | 58307E94C67E2348F5A838DE4FF668983B38B7E9A3B1D61535D3A392814A57D6 |
SHA-512: | 8535E7C0777C6B0876936D84BDE2BDC59963CF0954D4E50D65808E6E806E8B131DF5DB8FA0E030FAE2702143A7C3A70698A2B9A80519C9E2FFC286A71F0B797C |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\nuCc19sDOl.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 42 |
Entropy (8bit): | 4.0050635535766075 |
Encrypted: | false |
SSDEEP: | 3:QHXMKa/xwwUy:Q3La/xwQ |
MD5: | 84CFDB4B995B1DBF543B26B86C863ADC |
SHA1: | D2F47764908BF30036CF8248B9FF5541E2711FA2 |
SHA-256: | D8988D672D6915B46946B28C06AD8066C50041F6152A91D37FFA5CF129CC146B |
SHA-512: | 485F0ED45E13F00A93762CBF15B4B8F996553BAA021152FAE5ABA051E3736BCD3CA8F4328F0E6D9E3E1F910C96C4A9AE055331123EE08E3C2CE3A99AC2E177CE |
Malicious: | true |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\nuCc19sDOl.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 474112 |
Entropy (8bit): | 6.079874930357952 |
Encrypted: | false |
SSDEEP: | 12288:ftPYiCgkpxunuWo1jrKrAahMAFfyUImDCjN:ftPYiCX0IjrKrAahzvImDC |
MD5: | 27A834D436810EE96B12694BEFDB3B43 |
SHA1: | D6FFDD44C46DB61F62A9DF2998DE8FA3B201F056 |
SHA-256: | F10655DED0EF7FAF5E2044747589333F3A04A36DBD7890903DA55F0C44E382D2 |
SHA-512: | 911276F8F2DBB597710C1F94973A98C5E2E8283CA99831AB5E62BA58B3EDE9FB4CC42EC98880BCF16D30F8E85751AD889382D186D31F6EF41655CC0E3A730E7A |
Malicious: | true |
Antivirus: |
|
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 6.725005035511834 |
TrID: |
|
File name: | nuCc19sDOl.exe |
File size: | 625'152 bytes |
MD5: | 01e059b3901bd579fb8ea4ebc34009f9 |
SHA1: | 19b0a2db06db2afbef2b95221d2c11fe4107aa43 |
SHA256: | 05e5cab97709be490b7216163e29d326f43d4f273bdfccf93a485212064b4aca |
SHA512: | 05883c1f726dfba182b7d9cfa290d77ba74d3ce2985a1718f16a22744edadab2e3afc1793c4a3f54368d5ef7cdacb9e1babd31f38d493fbbc01d853c9a2be3af |
SSDEEP: | 12288:4JP/raKAKMPNmB+owvLgT9DBGZLZ9i9OurXl5AFy7t9kHtFn7S9F+nI7WU15TOY1:4/AHPQB+hIBG1kOH6 |
TLSH: | 61D42DDD765072DFC85BC972CEA81C68EA5034BB871B9203906719EDDA5E89BCF140F2 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....(.f.................~..........^.... ........@.. ....................................@................................ |
Icon Hash: | 90cececece8e8eb0 |
Entrypoint: | 0x499d5e |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows cui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x669D28CF [Sun Jul 21 15:27:11 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Instruction |
---|
jmp dword ptr [00402000h] |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x99d08 | 0x53 | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x9a000 | 0x688 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x9c000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0x97d64 | 0x97e00 | ab7c224893805d7176f0f9f899a3ef75 | False | 0.6113554526748971 | data | 6.731080317743544 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rsrc | 0x9a000 | 0x688 | 0x800 | 9bc5dfd6bf6476c433eaea498b1218ee | False | 0.35302734375 | data | 3.635968076664953 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x9c000 | 0xc | 0x200 | 5e5aec80690ad0a08256d137cd4bdf18 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_VERSION | 0x9a0a0 | 0x3fc | data | 0.4088235294117647 | ||
RT_MANIFEST | 0x9a49c | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | 0.5469387755102041 |
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Timestamp | Protocol | SID | Signature | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
2024-07-27T12:12:06.512543+0200 | TCP | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
2024-07-27T12:12:55.686346+0200 | TCP | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 443 | 49737 | 20.114.59.183 | 192.168.2.4 |
2024-07-27T12:12:06.733994+0200 | TCP | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
2024-07-27T12:12:09.445963+0200 | TCP | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
2024-07-27T12:12:06.259979+0200 | TCP | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
2024-07-27T12:12:11.913475+0200 | TCP | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
2024-07-27T12:12:00.321853+0200 | TCP | 2043234 | ET MALWARE Redline Stealer TCP CnC - Id1Response | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
2024-07-27T12:12:06.963750+0200 | TCP | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
2024-07-27T12:12:09.826085+0200 | TCP | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
2024-07-27T12:12:09.188597+0200 | TCP | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
2024-07-27T12:12:11.052524+0200 | TCP | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
2024-07-27T12:12:08.253192+0200 | TCP | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
2024-07-27T12:12:09.726434+0200 | TCP | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
2024-07-27T12:12:10.122926+0200 | TCP | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
2024-07-27T12:12:05.370389+0200 | TCP | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
2024-07-27T12:12:06.037205+0200 | TCP | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
2024-07-27T12:12:07.886941+0200 | TCP | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
2024-07-27T12:12:17.533976+0200 | TCP | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 443 | 49731 | 20.114.59.183 | 192.168.2.4 |
2024-07-27T12:12:05.827728+0200 | TCP | 2046056 | ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
2024-07-27T12:12:08.755787+0200 | TCP | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
2024-07-27T12:12:08.971532+0200 | TCP | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
2024-07-27T12:12:05.822240+0200 | TCP | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
2024-07-27T12:12:12.155240+0200 | TCP | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
2024-07-27T12:12:11.480008+0200 | TCP | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
2024-07-27T12:12:10.128355+0200 | TCP | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
2024-07-27T12:12:08.534683+0200 | TCP | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
2024-07-27T12:12:11.270445+0200 | TCP | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
2024-07-27T12:12:00.115561+0200 | TCP | 2046045 | ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
2024-07-27T12:12:11.697363+0200 | TCP | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jul 27, 2024 12:11:53.601545095 CEST | 49675 | 443 | 192.168.2.4 | 173.222.162.32 |
Jul 27, 2024 12:11:59.358750105 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:11:59.364186049 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:11:59.364263058 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:11:59.381304979 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:11:59.386472940 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:00.052894115 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:00.101584911 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:00.115561008 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:00.121463060 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:00.321852922 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:00.367137909 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:03.210824013 CEST | 49675 | 443 | 192.168.2.4 | 173.222.162.32 |
Jul 27, 2024 12:12:05.370388985 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:05.392292976 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:05.600991011 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:05.601041079 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:05.601077080 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:05.601103067 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:05.601111889 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:05.601150036 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:05.601161957 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:05.648309946 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:05.822240114 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:05.827728033 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:06.033339024 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:06.037204981 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:06.047758102 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:06.248157024 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:06.259979010 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:06.265192986 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:06.465255976 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:06.508208990 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:06.512542963 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:06.518907070 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:06.728985071 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:06.733994007 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:06.746841908 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:06.952682018 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:06.963749886 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:06.970953941 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:06.970999002 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:06.971028090 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:06.971055984 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:06.971084118 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:06.973082066 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:06.973109961 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:06.973334074 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:07.280647039 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:07.335829020 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:07.886940956 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:07.894290924 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:07.894335032 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:07.894364119 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:08.228346109 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:08.253191948 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:08.260400057 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:08.468641043 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:08.524533033 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:08.534682989 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:08.539891958 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:08.754105091 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:08.755786896 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:08.761305094 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:08.969573021 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:08.971532106 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:08.986795902 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:09.187621117 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:09.188596964 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:09.193743944 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:09.394819021 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:09.445199966 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:09.445962906 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:09.451039076 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:09.451078892 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:09.451112032 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:09.451291084 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:09.451320887 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:09.451375961 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:09.451402903 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:09.451452017 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:09.451479912 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:09.456113100 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:09.456221104 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:09.456248999 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:09.456276894 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:09.456306934 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:09.681288004 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:09.726433992 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:09.826085091 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:09.832324028 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.040946960 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.085817099 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.122925997 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.128285885 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.128328085 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.128355026 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.128381014 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.128390074 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.128408909 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.128437996 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.128454924 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.128464937 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.128495932 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.128523111 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.128530025 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.128583908 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.128598928 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.128627062 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.128659010 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.128688097 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.133661032 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.133690119 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.133721113 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.133771896 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.133856058 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.133884907 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.133914948 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.133919001 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.133946896 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.133958101 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.133970976 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.133985043 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.134011030 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.134037018 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.134118080 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.134186029 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.134273052 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.134318113 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.134346008 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.134367943 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.134383917 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.134423971 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.139820099 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.139883995 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.140083075 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.140136003 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.140183926 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.140243053 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.140574932 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.140628099 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.140650034 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.140682936 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.140703917 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.140711069 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.140753984 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.140758991 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.140788078 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.140806913 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.140815973 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.140841007 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.140842915 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.140871048 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.140873909 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.140897036 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.140899897 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.140944004 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.140971899 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.140999079 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.141025066 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.141052008 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.141077995 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.141103983 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.141129971 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.141155958 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.141181946 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.141207933 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.141259909 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.141287088 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.141314983 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.141341925 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.141350031 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.141367912 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.141395092 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.141412973 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.141422987 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.141436100 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.141449928 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.141477108 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.141480923 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.141503096 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.141503096 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.141521931 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.141530991 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.141556978 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.141562939 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.141583920 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.141587019 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.141603947 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.141611099 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.141638041 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.141638994 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.141658068 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.141664982 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.141690969 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.141699076 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.141721964 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.141725063 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.141745090 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.141748905 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.141763926 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.141799927 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.145636082 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.145664930 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.145690918 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.145692110 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.145709991 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.145719051 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.145740032 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.145746946 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.145776033 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.145777941 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.145802975 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.145803928 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.145822048 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.145832062 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.145859003 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.145859003 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.145879984 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.145885944 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.145914078 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.145922899 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.145941019 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.145967960 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.145994902 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.146022081 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.146048069 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.146074057 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.146856070 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.147272110 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.147345066 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.147372007 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.147490978 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.147517920 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.147599936 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.147902966 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.147931099 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.147957087 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.147988081 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.148035049 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.148066044 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.148277998 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.148310900 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.148358107 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.148536921 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.148561954 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.148565054 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.148591995 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.148638964 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.148643017 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.148663998 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.148670912 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.148688078 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.148698092 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.148739100 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.148746014 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.148766041 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.148772955 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.148802042 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.148813963 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.148838997 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.148840904 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.148864985 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.148891926 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.148897886 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.148919106 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.148946047 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.148946047 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.148969889 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.148972988 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.148993969 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.149020910 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.149025917 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.149049044 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.149075031 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.149079084 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.149102926 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.149102926 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.149121046 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.149130106 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.149156094 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.149159908 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.149178982 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.149183035 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.149210930 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.149220943 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.149238110 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.149249077 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.149286985 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.149317026 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.149344921 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.149372101 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.149398088 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.149425030 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.149451971 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.149482965 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.149509907 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.149535894 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.149561882 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.149588108 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.149614096 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.149640083 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.149688005 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.149713993 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.149740934 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.149768114 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.149794102 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.151407957 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.151458025 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.151485920 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.151842117 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.151870012 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.151895046 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.151928902 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.151954889 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.151982069 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.152008057 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.152034044 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.152060986 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.152245998 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.154735088 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.154766083 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.154789925 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.154808998 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.154814005 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.154841900 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.154869080 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.154891014 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.154918909 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.154918909 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.154947996 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.154966116 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.154974937 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.155002117 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.155003071 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.155019999 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.155030012 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.155050039 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.155081034 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.155087948 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.155109882 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.155136108 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.155138016 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.155162096 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.155164957 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.155183077 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.155191898 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.155217886 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.155244112 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.155271053 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.155298948 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.155345917 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.155373096 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.155399084 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.155425072 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.155451059 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.155477047 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.155503035 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.155529022 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.155555964 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.155581951 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.155607939 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.155637980 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.155664921 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.155689955 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.155739069 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.155766010 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.155791998 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.155818939 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.155844927 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.155870914 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.155898094 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.155925035 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.155951977 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.155978918 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.156004906 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.156030893 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.156058073 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.156105042 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.156131983 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.156157970 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.156183958 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.156209946 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.156235933 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.156261921 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.156287909 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.156512976 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.157159090 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.157186985 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.157217026 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.157234907 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.157238007 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.157263041 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.157300949 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.157314062 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.157341957 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.157368898 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.157388926 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.157416105 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.157443047 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.157491922 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.157519102 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.157545090 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.157593012 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.157619953 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.157645941 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.157672882 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.157699108 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.157749891 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.157778025 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.157804966 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.157830954 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.157857895 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.157883883 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.157910109 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.157937050 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.157984018 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.158011913 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.158039093 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.158065081 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.158092022 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.158118010 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.158143997 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.158169985 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.158195972 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.158221960 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.158267975 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.158296108 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.158323050 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.161227942 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.161257029 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.161304951 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.161331892 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.161358118 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.161385059 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.161411047 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.161458969 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.161487103 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.161513090 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.161540031 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.161566019 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.161592960 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.161618948 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.161667109 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.161694050 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.161720037 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.161746025 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.161772013 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.161798954 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.161824942 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.161870956 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.161899090 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.161925077 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.161941051 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.161951065 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.161978006 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.162004948 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.162045956 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.162051916 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.162080050 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.162106991 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.162132978 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.162159920 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.162185907 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.162213087 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.162239075 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.162266016 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.162292004 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.162321091 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.162369013 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.162395954 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.162422895 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.162447929 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.162473917 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.162499905 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.162527084 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.162553072 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.162579060 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.162606001 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.162631989 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.162657976 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.162683964 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.162709951 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.162735939 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.162761927 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.162789106 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.162815094 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.163181067 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.163208008 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.163239002 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.163266897 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.163328886 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.163357019 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.163408041 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.163434029 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.163460970 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.163486958 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.163532972 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.163558960 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.163606882 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.163634062 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.163880110 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.163986921 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.168380022 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.168410063 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.168458939 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.168502092 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.168741941 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.168770075 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.168849945 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.168900013 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.169022083 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.169080973 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.169209957 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.169236898 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.169286013 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.169317007 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.169388056 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.169418097 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.169444084 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.169527054 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.169554949 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.169603109 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.169630051 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.169677019 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.169703960 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.169729948 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.169763088 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.169810057 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.169837952 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.169864893 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.169891119 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.169918060 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.169965029 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.169991970 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.170018911 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.170044899 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.170070887 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.170097113 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.170144081 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.170170069 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.170196056 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.170222044 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.170269966 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.170298100 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.170324087 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.170350075 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.170397997 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.170423985 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.170470953 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.170497894 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.170527935 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.170816898 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.170845032 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.170887947 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.171047926 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.171080112 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.171309948 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.171313047 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.171340942 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.171370983 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.171396971 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.171412945 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.171447039 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.171473980 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.171519995 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.171547890 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.171941996 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.171969891 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.171999931 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.172025919 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.172074080 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.172101021 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.172147036 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.172174931 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.172775984 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.172804117 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.172831059 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.172857046 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.172993898 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.173022032 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.173069000 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.173095942 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.173122883 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.173150063 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.173311949 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.173358917 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.173386097 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.173417091 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.173444033 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.173585892 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.173614025 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.173640013 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.173763990 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.173791885 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.173818111 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.173845053 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.173871040 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.173897028 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.173943996 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.173990965 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.174019098 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.174308062 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.174369097 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.174396038 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.174426079 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.174452066 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.174479008 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.174504995 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.174530983 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.174577951 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.176496029 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.176527023 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.176554918 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.176585913 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.176635027 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.176666975 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.176723957 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.176731110 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.176842928 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.177565098 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.177592993 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.177675009 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.177701950 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.177728891 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.177756071 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.177804947 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.177833080 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.177859068 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.177885056 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.177916050 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.177942991 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.177968979 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.177994967 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.178045034 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.178072929 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.178098917 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.178124905 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.178163052 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.178190947 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.178237915 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.178265095 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.178292036 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.178320885 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.178347111 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.178373098 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.178399086 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.178426027 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.178452015 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.178478003 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.178504944 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.178530931 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.178556919 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.178582907 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.178611040 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.178637028 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.178663969 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.178711891 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.178739071 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.178771019 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.178797960 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.178824902 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.178852081 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.178878069 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.178905010 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.178930998 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.181984901 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.182013988 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.182040930 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.182068110 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.182094097 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.182121038 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.182147026 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.182173967 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.182202101 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.182229042 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.182241917 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:10.182284117 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.182312965 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.182339907 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.182368040 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.182395935 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.182423115 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.182449102 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.182476997 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.182503939 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.182531118 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.182579994 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.182607889 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.182635069 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.182661057 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.182687998 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.182713985 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.182739973 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.182766914 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.182792902 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.182818890 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.182845116 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.182872057 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:10.223756075 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:11.048351049 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:11.052524090 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:11.057439089 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:11.266215086 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:11.270445108 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:11.275599003 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:11.477648973 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:11.480007887 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:11.484930992 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:11.696901083 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:11.697362900 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:11.703248024 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:11.912623882 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:11.913475037 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:11.918452024 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:12.120214939 CEST | 46419 | 49730 | 5.42.92.213 | 192.168.2.4 |
Jul 27, 2024 12:12:12.155240059 CEST | 49730 | 46419 | 192.168.2.4 | 5.42.92.213 |
Jul 27, 2024 12:12:19.246202946 CEST | 49723 | 80 | 192.168.2.4 | 2.19.126.163 |
Jul 27, 2024 12:12:19.251566887 CEST | 80 | 49723 | 2.19.126.163 | 192.168.2.4 |
Jul 27, 2024 12:12:19.251626968 CEST | 49723 | 80 | 192.168.2.4 | 2.19.126.163 |
Jul 27, 2024 12:13:07.382949114 CEST | 49724 | 80 | 192.168.2.4 | 2.19.126.163 |
Jul 27, 2024 12:13:07.388839960 CEST | 80 | 49724 | 2.19.126.163 | 192.168.2.4 |
Jul 27, 2024 12:13:07.392471075 CEST | 49724 | 80 | 192.168.2.4 | 2.19.126.163 |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Jul 27, 2024 12:12:16.770226955 CEST | 1.1.1.1 | 192.168.2.4 | 0x7f6d | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
Jul 27, 2024 12:12:16.770226955 CEST | 1.1.1.1 | 192.168.2.4 | 0x7f6d | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false | ||
Jul 27, 2024 12:12:18.180906057 CEST | 1.1.1.1 | 192.168.2.4 | 0x2e1 | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Jul 27, 2024 12:12:18.180906057 CEST | 1.1.1.1 | 192.168.2.4 | 0x2e1 | No error (0) | 192.229.221.95 | A (IP address) | IN (0x0001) | false | ||
Jul 27, 2024 12:12:30.412411928 CEST | 1.1.1.1 | 192.168.2.4 | 0xc400 | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Jul 27, 2024 12:12:30.412411928 CEST | 1.1.1.1 | 192.168.2.4 | 0xc400 | No error (0) | 192.229.221.95 | A (IP address) | IN (0x0001) | false |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
Target ID: | 0 |
Start time: | 06:11:56 |
Start date: | 27/07/2024 |
Path: | C:\Users\user\Desktop\nuCc19sDOl.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xd70000 |
File size: | 625'152 bytes |
MD5 hash: | 01E059B3901BD579FB8EA4EBC34009F9 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 1 |
Start time: | 06:11:56 |
Start date: | 27/07/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7699e0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 2 |
Start time: | 06:11:57 |
Start date: | 27/07/2024 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x4e0000 |
File size: | 262'432 bytes |
MD5 hash: | 8FDF47E0FF70C40ED3A17014AEEA4232 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
Has exited: | true |
Execution Graph
Execution Coverage: | 18.4% |
Dynamic/Decrypted Code Coverage: | 1.8% |
Signature Coverage: | 11.2% |
Total number of Nodes: | 599 |
Total number of Limit Nodes: | 6 |
Graph
Function 6CF57A60 Relevance: 96.7, APIs: 19, Strings: 29, Instructions: 12701memorythreadinjectionCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 6CF51230 Relevance: 63.6, APIs: 15, Strings: 18, Instructions: 5829filememoryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 6CF575A0 Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 254librarynativeloaderCOMMON
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 017B24E7 Relevance: 4.0, Strings: 3, Instructions: 201COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 017B2528 Relevance: 3.9, Strings: 3, Instructions: 176COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 017B2518 Relevance: 3.9, Strings: 3, Instructions: 176COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 017B1053 Relevance: 2.6, Strings: 2, Instructions: 150COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 017B1070 Relevance: 2.6, Strings: 2, Instructions: 139COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0AF04748 Relevance: 1.7, Strings: 1, Instructions: 448COMMON
Control-flow Graph
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 017B08DF Relevance: 1.4, Strings: 1, Instructions: 112COMMON
Control-flow Graph
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 6CF657E1 Relevance: 3.1, APIs: 2, Instructions: 76COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 6CF6BE0C Relevance: 3.1, APIs: 2, Instructions: 65COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0AF05178 Relevance: 1.6, APIs: 1, Instructions: 53libraryCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0AF05508 Relevance: 1.5, APIs: 1, Instructions: 49COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 017B1778 Relevance: 1.3, Strings: 1, Instructions: 51COMMON
Control-flow Graph
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 017B0838 Relevance: 1.3, Strings: 1, Instructions: 37COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 017B0848 Relevance: 1.3, Strings: 1, Instructions: 29COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 017B1290 Relevance: .1, Instructions: 146COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 017B1575 Relevance: .1, Instructions: 94COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 017B3CB0 Relevance: .1, Instructions: 61COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 017B28E1 Relevance: .1, Instructions: 56COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 017B29A0 Relevance: .0, Instructions: 48COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 017B1BD9 Relevance: .0, Instructions: 41COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 017B29B0 Relevance: .0, Instructions: 39COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 017B22DA Relevance: .0, Instructions: 11COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 017B21B5 Relevance: .0, Instructions: 10COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 017B09E5 Relevance: .0, Instructions: 9COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 6CF66188 Relevance: 1.6, APIs: 1, Instructions: 147COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 017B39E0 Relevance: 1.4, Strings: 1, Instructions: 122COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 017B2E70 Relevance: 1.4, Strings: 1, Instructions: 120COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 017B39F0 Relevance: 1.4, Strings: 1, Instructions: 115COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6CF6BD3B Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 6CF7EB17 Relevance: .8, Instructions: 816COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 6CF650E0 Relevance: .4, Instructions: 445COMMONLIBRARYCODE
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0AF04388 Relevance: .3, Instructions: 258COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 017B0972 Relevance: .1, Instructions: 83COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 017B0927 Relevance: .1, Instructions: 78COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 017B0C40 Relevance: .1, Instructions: 75COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 017B0A87 Relevance: .1, Instructions: 73COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6CF679FA Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 303COMMONLIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 6CF6B96A Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74COMMONLIBRARYCODE
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 6CF68BAE Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMONLIBRARYCODE
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 6CF6D625 Relevance: 7.7, APIs: 5, Instructions: 197COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 6CF67622 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 6CF6A3B8 Relevance: 6.1, APIs: 4, Instructions: 82COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 6CF6B80F Relevance: 6.1, APIs: 4, Instructions: 74COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 6CF67D9F Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Execution Graph
Execution Coverage: | 11.2% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0% |
Total number of Nodes: | 159 |
Total number of Limit Nodes: | 11 |
Graph
Function 06A00040 Relevance: 2.9, Strings: 2, Instructions: 364COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 04E61B90 Relevance: 1.8, APIs: 1, Instructions: 309COMMON
Control-flow Graph
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0261AE30 Relevance: 1.7, APIs: 1, Instructions: 198COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 04E61CE4 Relevance: 1.6, APIs: 1, Instructions: 118COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 04E60AA8 Relevance: 1.6, APIs: 1, Instructions: 116COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 04E60BFC Relevance: 1.6, APIs: 1, Instructions: 97COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02614248 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02615935 Relevance: 1.6, APIs: 1, Instructions: 95COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0261C9A0 Relevance: 1.6, APIs: 1, Instructions: 65COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0261D2F9 Relevance: 1.6, APIs: 1, Instructions: 64COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0261B2A0 Relevance: 1.6, APIs: 1, Instructions: 56libraryCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0261A870 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06A056EC Relevance: 1.6, APIs: 1, Instructions: 53libraryCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 06A05B67 Relevance: 1.6, APIs: 1, Instructions: 51libraryCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0261B020 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D0D774 Relevance: .1, Instructions: 77COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D0D3D8 Relevance: .1, Instructions: 75COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D0D4C4 Relevance: .1, Instructions: 75COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D1D01C Relevance: .1, Instructions: 72COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D1D005 Relevance: .1, Instructions: 62COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D0D76F Relevance: .1, Instructions: 58COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D0D3D3 Relevance: .1, Instructions: 56COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D0D4BF Relevance: .1, Instructions: 56COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D0DA6D Relevance: .0, Instructions: 45COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D0DA6C Relevance: .0, Instructions: 36COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|